1) Introduction

SCLogic and all its affiliated companies (here referred to as “SCLogic”) is committed to protecting your privacy and to developing technology and systems and processes as appropriate that will give you the most powerful and safe online experience. This Privacy Notice applies to the SCLogic website and governs data collection and usage. By using the SCLogic website you consent to the data practices described in this Statement.

This Privacy Notice refers to personal data/personally identifiable information (here referred to as “data”) which is defined as information concerning a living person here referred to as “you” or “your” or otherwise as a “data subject”.

To the extent that visitors to this website are EU residents and to the extent that SCLogic provides goods and/or services to EU residents and/or collects data from such individuals, SCLogic is subject to the provisions of the EU ‘General Data Protection Regulation 2016/679’ (here referred to as the “GDPR”) which is EU-wide, and which serves to protect and enhance the rights of data subjects.

Post 1 January 2021, to the extent that visitors to this website are UK residents and to the extent that SCLogic provides goods and/or services to UK residents and/or collects data from such individuals then SCLogic is additionally subject to the provisions of the ‘UK GDPR’ (here referred to as the “UK GDPR”) and the UK Data Protection Act 2018 and any associated regulatory framework relating to UK data protection and which serves to protect and enhance the rights of UK data subjects.

2) SCLogic – Who We Are

Founded in 1996, SCLogic is a leading provider of the innovative in-building logistics platform, Intra, that leverages the latest scanning, printing, mobile computing, and wireless technologies. The company has thousands of enterprise, government, and university users around the world. SCLogic is headquartered in Annapolis, MD, with offices in New Jersey, Texas, Florida, Colorado, Illinois, California, and Sweden. For more information about SCLogic, please visit our website www.sclogic.com.

3) Collection of your Personal Information

SCLogic collects personally identifiable information such as your email address, name, home or work address or telephone number. SCLogic also collects anonymous demographic information which is not unique to you such as your ZIP code, age, gender, preferences, interests, and favorites.

SCLogic is committed to respecting and protecting your privacy and wants you to feel secure when visiting our site and providing information to us. In order to provide you with relevant information, respond to your requests, and increase the benefits you receive from our website, we sometimes request that you provide us with information about yourself as referred to above.
We have prepared this Privacy Notice to inform you of the information we gather or can sometimes gather and how it can be used. This Notice applies to all SCLogic websites that display or link to this Privacy Notice. You should also note that SCLogic maintains the same privacy practices with respect to data that is collected off-line and this Notice may be relied upon with respect to those methods of data collection and use.

Where SCLogic transfers data from within the EU back to the United States it will do so pursuant to such mechanisms as are validated by the regulatory requirements of the GDPR for such international transfers including but not necessarily limited to the use of EU ‘Standard Contractual [or ‘Model’] Clauses’ as appropriate.

4) Legal basis for and legitimate interest in processing any personal data

To meet SCLogic’s contractual obligations to clients and customers and to also respond to product marketing and technical assistance enquiries where relevant.

5) Consent

Through agreeing to this Privacy Notice you are consenting to SCLogic processing your personal data for the purposes mentioned in this Privacy Notice.

6) How do we use the information we gather?

When we collect information about you it is our intention to tell you why we are asking for the information and what we intend to do with it. You will have the option of not providing the information in which case you will still be able to access other portions of this website although you may not be able to access certain programs or services. In certain areas of our website, we may, where appropriate, enable you to “opt-out” of certain uses of your information or elect to not receive future communications or services.

There is also information about your computer hardware and software that is automatically collected by SCLogic. This information can include: your IP address, browser type, domain names, access times, and referring website addresses. This information is used by SCLogic for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the SCLogic website.

Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through SCLogic public message boards, this information may be collected and used by others. Note: SCLogic does not read any of your online communications.

SCLogic encourages you to review the privacy statements of websites you choose to link to from SCLogic so that you can understand how those websites collect, use, and share your information. SCLogic is not responsible for the privacy statements or other content on websites outside of the SCLogic family of websites.

7) Use of your Personal Information

SCLogic collects and uses your personal information to operate the SCLogic website and deliver the services you have requested. SCLogic also uses your personally identifiable information to inform you of other products or services available from SCLogic and its affiliates. SCLogic may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.

SCLogic does not sell, rent, or lease its customer lists to third parties. SCLogic may from time to time contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (email, name, address, telephone number) is not transferred to the third party. In addition, SCLogic may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to SCLogic and they are required to maintain the confidentiality of your information.

SCLogic does not use or disclose sensitive personal information such as race, religion, or political affiliations without your explicit consent.

SCLogic keeps track of the websites and manages our customers visits within SCLogic in order to determine what SCLogic services are the most popular. This data is used to deliver customized content and advertising within SCLogic to customers whose behavior indicates that they are interested in a particular subject area.

SCLogic websites will disclose your personal information without notice only if required to do so by law or in the good faith belief that such action is necessary to:
a) Conform to the edicts of the law or to comply with legal process served on SCLogic or the site, or,
b) Protect and defend the personal safety of users of SCLogic or of the public.

8) Use of Cookies

The SCLogic website uses “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize SCLogic pages or register with an SCLogic site or services, a cookie helps SCLogic to recall your specific information on subsequent visits. This simplifies the process of recording your personal information such as billing addresses, shipping addresses, and so on. When you return to the same SCLogic website the information you previously provided can be retrieved so you can easily use the SCLogic features that you customized.

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies you may not be able to fully experience the interactive features of the SCLogic services or web sites you visit.

9) Can you update and/or amend the personal information you have provided?

You are entitled to know whether or not we hold information about you and if we do (subject to certain limitations) to have access to that information and to have it corrected if it is inaccurate or out of date.

If you are an EU resident (or post 1 January 2021 a UK resident) and we are in possession of or are processing your data or in relation to offering you goods and/or a service or services, you have the following rights under the GDPR/UK GDPR:

• Right of access – you have the right to request a copy of the information that we hold about you
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records
• Right to restriction of processing – where certain conditions apply you have a right to restrict the processing
• Right of portability – you have the right to have the data we hold about you transferred to another organization
• Right to object – you have the right to object to certain types of processing such as direct marketing
• Right to object to automated processing including profiling

In the event that SCLogic refuses your request under rights of access, we will provide you with a reason as to why, which you will have the right to legally challenge.
To access what personal data is held about you, identification will be required.

SCLogic will accept the following forms of ID when information on your personal data is requested:
• A copy of your driving license, passport, or birth certificate and a utility bill not older than three months.

A minimum of one piece of photographic ID listed above and a supporting document is required. If SCLogic is dissatisfied with the quality of the ID presented, further information may be sought before any personal data is released.

10) Security of your Personal Information

SCLogic secures your personal information from unauthorized access, use or disclosure. SCLogic secures the personally identifiable information you provide on computer servers in a controlled, secure environment protected from unauthorized access, use or disclosure. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption such as the Secure Socket Layer (“SSL”) protocol. We have taken appropriate steps to safeguard and secure information we collect online including the use of encryption when collecting or transferring sensitive data such as credit card information.

However, you should always take into consideration that the Internet is an open forum, and that data may flow across networks with little or no security measures and therefore we cannot guarantee that such information may not be accessed by people other than those you intended to access it.

11) Changes to this Statement

SCLogic will occasionally update this Statement of Privacy to reflect company and customer feedback. SCLogic encourages you to periodically review this Statement to be informed of how SCLogic is protecting your information.

12) Contact Information

SCLogic welcomes your comments regarding this Statement of Privacy. If you believe that SCLogic has not adhered to this Statement, please contact SCLogic at [email protected]. We will use commercially reasonable efforts to promptly determine and remedy the problem.

13) Complaints

In the event that you wish to make a complaint about how your personal data is being processed by SCLogic, you have the right to complain to SCLogic at [email protected].
If you do not get a response within 30 days and you are an EU or UK resident, you can in the first instance complain to the national data regulator for the EU Member State where you are resident or to the national data regulator for the UK if you are a resident of that country.

14) Data Subject Requests Under GDPR: About these procedures

14.1 SCLogic (“the Company”) processes the personal data of EU data subjects. EU personal data must be processed in accordance with the provisions of the EU ‘General Data Protection Regulation’ (“GDPR”). The Company operates as a data controller (as defined by the GDPR) and as such we adhere to the principles relating to data processing as set out in the GDPR which requires that personal data be:

i. Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency)
ii. Collected only for specified, explicit and legitimate purposes (Purpose Limitation)
iii. Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed (Data Minimization)
iv. Accurate and where necessary kept up to date (Accuracy)
v. Not kept in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (Storage Limitation)
vi. Processed in a manner that ensures its security using appropriate technological and organizational measures to protect against unauthorized or unlawful processing and against accidental  loss, destruction, or damage (Security, Integrity and Confidentiality)
vii. Not transferred to another country without appropriate safeguards being in place (Transfer Limitation)
viii. Made available to Data Subjects and Data Subjects allowed to exercise certain rights in relation to their personal data (Data Subject’s Rights and Requests).

The Company is committed to ensuring that all EU personal data in its control is processed in accordance with the above principles.

14.2 In addition to the duties required of a data controller, the GDPR provides data subjects with certain rights, namely the right to:

a. Access their own personal data (Articles 12 and 15 and Recital 63)
b. Correct personal data (Article 16)
c. Erase personal data, also known as the “right to be forgotten” (Article 17 and Recitals 65 and 66)
d. Restrict data processing (Article 18)
e. Object to data processing (Article 21 and Recitals 69 and 70)
f. Receive a copy of their personal data or transfer their personal data to another data controller (Article 20 and Recital 68)
g. Not be subject to automated decision-making (Article 22 and Recital 71)
h. Be notified of a data security breach (Article 34 and Recital 86).

14.3 When we process data subjects’ personal data, we shall respect the rights outlined in section 1.2 above and these procedures provide a framework for responding to requests to exercise those rights. It is our policy to ensure that requests by data subjects covered by these procedures to exercise their rights in respect of their personal data are handled in accordance with applicable law.

14.4 For the purpose of these procedures, “personal data” means any information relating to an identified or identifiable data subject. An identifiable ‘data subject’ is anyone who can be identified directly or indirectly by reference to an identifier such as a name, identification number or online identifier. “Processing” means any operation or set of operations that is performed on personal data such as collection, use, storage, dissemination, and destruction.

15) Responding to requests to access personal data

15.1 Data subjects have the right to request access to their personal data processed by us. Such requests are called “Data Subject Access Requests” (“SARs”). When a data subject makes an SAR, we shall take the following steps:

a) Log the date on which the request was received (to ensure that the relevant timeframe of one month for responding to the request is met)
b) Confirm the identity of the data subject who is the subject of the personal data. For example, we request additional information from the data subject to confirm their identity.
c) Search databases, systems, applications, and other places where the personal data which are the subject of the request may be held; and
d) Confirm to the data subject whether or not personal data of the data subject making the SAR are being processed.

15.2 If personal data of the data subject are being processed, we shall provide the data subject with the following information in a concise, transparent, intelligible, and easily accessible form, using clear and plain language in writing or by other (including electronic) means:

a) The purposes of the processing
b) The categories of personal data concerned (for example, contact details, bank account information and details of sales activities)
c) The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients overseas (for example US -based service providers)
d) Where possible, the envisaged period for which the personal data will be stored or if not possible then the criteria used to determine that period
e) The existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing
f) The right to lodge a complaint with the local data protection authority
g) Where the personal data are not collected from the data subject any available information as to their source
h) The existence of automated decision-making and meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject, and
i) Where personal data are transferred outside of the EU/UK details of the appropriate safeguards to protect the personal data.

15.3 We shall also, unless there is an exemption (see paragraph 9 below) provide the data subject with a copy of the personal data processed by us in a commonly used electronic form (unless the data subject either did not make the request by electronic means or has specifically requested not to be provided with the copy in electronic form) within one month of receipt of the request. If the request is complex or there are a number of requests, we may extend the period for responding by a further two months. If we extend the period for responding we shall inform the data subject within one month of receipt of the request and explain the reasons for the delay.

15.4 Before providing the personal data to the data subject making the SAR, we shall review the personal data requested to see if they contain the personal data of other data subjects. If they do, we may redact the personal data of those other data subjects prior to providing the data subjects with their personal data unless those other data subjects have consented to the disclosure of their personal data.

15.5 If the SAR is manifestly unfounded or excessive (for example because of its repetitive character) we may charge a reasonable fee, taking into account the administrative costs of providing the personal data or refuse to act on the request.

15.6 If we are not going to respond to the SAR, we shall inform the data subject of the reason(s) for not taking action and of the possibility of lodging a complaint with their local data protection authority.

16) Responding to requests to rectify personal data

16.1 Data subjects have the right to have their inaccurate personal data rectified. Rectification can include having incomplete personal data completed, for example, by a data subject providing a supplementary statement regarding the data. Where such a request is made, we shall, unless there is an exemption (see paragraph 9 below) rectify the personal data without undue delay.

16.2 We shall also communicate the rectification of the personal data to each recipient to whom the personal data have been disclosed (for example, our third-party service providers who process the data on our behalf) unless this is impossible or involves disproportionate effort. We shall also inform the data subject about those recipients if the data subject requests that.

17) Responding to requests for the erasure of personal data

17.1 Data subjects have the right in certain circumstances to request that we erase their personal data. Where such a request is made, we shall, unless there is an exemption (see paragraph 9 below) erase the personal data without undue delay, if:

a) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
b) The data subject withdraws their consent to the processing of their personal data and consent was the basis on which the personal data were processed and there is no other legal basis for the processing
c) The data subject objects to the processing of their personal data on the basis that there no longer remains an overriding legitimate interest for continuing processing
d) The data subject objects to the processing of their personal data for direct marketing purposes
e) The personal data have been unlawfully processed
f) The personal data have to be erased for compliance with a legal obligation to which we are subject, or
g) The personal data have been collected in relation to the offer of e-commerce or other online services

17.2 When a data subject makes a request for erasure in the circumstances set out above, we shall, unless there is an exemption (see paragraph 4.5 and paragraph 9 below) take the following steps:

a) Log the date on which the request was received (to ensure that the relevant timeframe of one month for responding to the request is met)
b) Confirm the identity of the data subject who is the subject of the personal data. We may request additional information from the data subject to do this
c) Search databases, systems, applications, and other places where the personal data which are the subject of the request may be held and erase such data within one month of receipt of the request. If the request is complex or there are a number of requests, we may extend the period for responding by a further two months. If we extend the period for responding, we shall inform the data subject within one month of receipt of the request and explain the reason(s) for the delay
d) Where we have made the personal data public, we must, taking reasonable steps including technical measures, inform those who are processing the personal data that the data subject has requested the erasure by them of any links to or copies of or any replications of those personal data, and
e) Communicate the erasure of the personal data to each recipient to whom the personal data have been disclosed unless this is impossible or involves disproportionate effort. We shall also inform the data subject about those recipients if the data subject requests it.

17.3 If the request is manifestly unfounded or excessive (for example, because of its repetitive character) we may charge a reasonable fee, taking into account the administrative costs of erasure, or refuse to act on the request.

17.4 If we are not going to respond to the request, we shall inform the data subject of the reasons for not taking action and of the possibility of lodging a complaint with the relevant local data protection authority.

17.5 In addition to the exemptions in paragraph 9 below, we can also refuse to erase the personal data to the extent processing is necessary:

a) For exercising the right of freedom of expression and information
b) For compliance with a legal obligation which requires processing by law and to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us
c) For reasons of public interest in the area of public health
d) For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
e) For the establishment, exercise, or defense of legal claims

18) Responding to requests to restrict the processing of personal data

18.1 Data subjects have the right unless there is an exemption (see paragraph 9 below) to restrict the processing of their personal data if:

a) The data subject contests the accuracy of the personal data, for a period to allow us to verify the accuracy of the personal data
b) The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
c) We no longer need the personal data for the purposes for which we collected them, but they are required by the data subject for the establishment, exercise, or defense of legal claims, and
d) The data subject has objected to the processing pending verification of whether we have legitimate grounds to override the data subject’s objection.

18.2 Where processing has been restricted, we shall only process the personal data (excluding storing them):

a) With the data subject’s consent
b) For the establishment, exercise, or defense of legal claims
c) For the protection of the rights of another person, or
d) For reasons of important public interest.

18.3 Prior to lifting the restriction, we shall inform the data subject of the lifting of the restriction.

18.4 We shall communicate the restriction of processing of the personal data to each recipient to whom the personal data have been disclosed unless this is impossible or involves disproportionate effort. We shall also inform the data subject about those recipients if the data subject requests it.

19) Responding to requests for the portability of personal data

19.1 Data subjects have the right in certain circumstances to receive their personal data that they have provided to us in a structured, commonly used, and machine-readable format that they can then transmit to another company. Where such a request is made, we shall, unless there is an exemption (see paragraph 9 below) provide the personal data without undue delay if:

a) The legal basis for the processing of the personal data is consent or pursuant to a contract, and
b) Our processing of those data is automated

19.2 When a data subject makes a request for portability in the circumstances set out above, we shall take the following steps:

a) Log the date on which the request was received (to ensure that the relevant timeframe of one month for responding to the request is met)
b) Confirm the identity of the data subject who is the subject of the personal data. We may request additional information form the data subject to confirm their identity, and
c) Search databases, systems, applications, and other places where the personal data which are the subject of the request may be held and provide the data subject with such data (or, at the data subject’s request, transmit the personal data directly to another company, where technically feasible) within one month of receipt of the request. If the request is complex or there are a number of requests, we may extend the period for responding by a further two months. If we extend the period for responding, we shall inform the data subject within one month of receipt of the request and explain the reason(s) for the delay.

19.3 If the request is manifestly unfounded or excessive (for example, because of its repetitive character) we may charge a reasonable fee, taking into account the administrative costs of providing or transmitting the personal data or refuse to act on the request.

19.4 If we are not going to respond to the request, we shall inform the data subject of the reasons for not taking action and of the possibility of lodging a complaint with the relevant local data protection authority.

20) Responding to objections to the processing of personal data

20.1 Data subjects have the right to object to the processing of their personal data where such processing is on the basis of our performance of a task carried out in the public interest or in the exercise of official authority vested in us or on the basis of our legitimate interest which override the data subject’s interests or fundamental rights and freedoms, unless we either:

a) Can show compelling legitimate grounds for the processing which overrides those interests, rights, and freedoms, or
b) Are processing the personal data for the establishment, exercise, or defense of legal claims.

20.2 Data subjects also have the right to object to the processing of their personal data for scientific or historical research purposes or for statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

20.3 Where such objection is made, we shall, unless there is an exemption (see paragraph 9 below) no longer process a data subject’s personal data.

20.4 Where personal data are processed for direct marketing purposes, data subjects have the right to object at any time to the processing of their personal data for such marketing. If a data subject makes such a request, we shall stop processing the personal data for such purposes.

21) Responding to requests not to be subject to automated decision-making

21.1 Data subjects have the right in certain circumstances not to be subject to a decision based solely on the automated processing of their personal data, if such decision produces legal effects concerning them or significantly affects them. Where such a request is made, we shall, unless there is an exemption (see paragraph 9 below) no longer make such a decision unless it:

a) Is necessary for entering into or for the performance of a contract between us and the data subject
b) Is authorized by applicable law which lays down suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests, or
c) Is based on the data subject’s explicit consent.

21.2 If the decision falls within paragraph 8.1(a) or paragraph 8.1(c), we shall implement suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests including the right to obtain human intervention, to express their point of view and to contest the decision.

22) Exemptions

22.1 Before responding to any request we shall check whether there are any exemptions that apply to the personal data that are the subject of the request. Exemptions may apply where it is necessary and proportionate not to comply with the requests described above to safeguard:

a) National security
b) Defense
c) Public security
d) The prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties including the safeguarding against and the prevention of threats to public  security
e) Other important objectives of general national public interest, in particular an important national economic or financial interest including monetary, budgetary and taxation matters, public health and social security
f) The protection of judicial independence and judicial proceedings
g) The prevention, investigation, detection, and prosecution of breaches of ethics for regulated professions
h) A monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in paragraph 9.1(a) and paragraph 9.1(g) above
i) The protection of the data subject or the rights and freedoms of others, or
j) The enforcement of civil law claims.

 

Last updated: February 5, 2021