Our Privacy and Cookie Policy

12th September, 2022

ADDITIONAL INFORMATION ON DATA PROTECTION

Confidentiality and security are fundamental values of Borneo. This means that we are committed to guaranteeing the privacy of our clients’ personal data at all times, and to collecting only the information that we need, and nothing else.

Below you can find all the necessary information with regards to the personal data we collect, how we process it, and your rights.

1. Who is responsible for the processing of your personal data?

The personal data that you have provided to us through the website or in any other form of connected communication will be subject to the record of processing activities for which Borneo is responsible as controller of the processing. 

Our contact details are:

Borneo Data PTE LTD

1B Greenleaf Drive

Singapore 279572

Email: [email protected] 

The contact details of our Data Protection Officer (DPO) are: [email protected]

2. What should know about our presence on social networks?

Borneo has the following profiles in the main social networks: 

• Twitter - https://twitter.com/borneodata 

• LinkedIn - https://www.linkedin.com/company/borneodata/ 

• Facebook - https://www.facebook.com/borneodata 

Borneo acknowledges that it is responsible for processing the data of its users, followers, or persons who make comments through them. Likewise, Borneo is exonerated from any type of responsibility derived from comments made by users and followers on its social networks.

Borneo may use the profiles described above to inform its users of topics it considers of interest. 

3. Permitted use of our website – What do you need to know?

A visit to the website by the user must be made in a responsible manner and in accordance with current legislation and good faith. The website provides a wide range of information, services and data. The user assumes responsibility for correct use of the website. 

The use of any of the contents of the website for purposes that are or could be illicit is totally prohibited, as well as the carrying out of any action that causes or could cause damage or alterations of any kind not consented to by Borneo, to the website or its contents.

The company reserves the right to make any changes it deems appropriate to its website without prior notice, and may change, delete or add both the content and services provided through it and the way in which they are presented or located on its servers.

4. What personal data do we collect?

The personal data that the user may provide comprise:

• Identification details: Name and surname

• Contact details: Telephone number, e-mail address, address. 

• Employment data: Company, job position

• IP address 

• Date and time of access request

• Referrer URL

• Device data, such as device identification number, type, location, operating system, browser type and version, language used, pre-defined consent preferences and also internet provider, if applicable.

• Tracking: Internet Service Provider, Unique device identifier, Geographic location, Operating system of the device, Date and time of visit, Duration of visit, Referrer URL, Videos viewed, IP address, Browser information, Device information, Mouse movements, Pages visited, Screen resolution, Clicks

• Any other information or data you decide to share with us through the forms and the chat provided on our website.

Please note: We only process personal data provided to us by you personally. If we do not collect the personal data directly from you, we will inform you of the source of the personal data and, if applicable, whether it originates from publicly accessible sources.

Please also note: In general, there is no obligation – neither statutory nor contractual - to provide us with your personal data. In some cases, it might however be compulsory to fill in a form to access certain services, such as, for example, our blog-newsletter. Likewise, not providing the personal data requested may mean that it is impossible for us to fully and effectively process your request or inquiry or to conclude a contract with you. 

The personal data obtained through any of the channels of the website will form part of the record of processing activities owned by Borneo This will be updated periodically in accordance with the provisions of the applicable regulations; Borneo has adopted all the relevant security measures in this regard. 

5. What are the purposes we collect your data for?

Borneo processes the aforementioned personal data for the following purposes:

• Requesting consent for the use of cookies and other technologies used

• Ensuring the functionality, security and display of our website (server log files),

• Providing information via the website and its communication channels. 

• Management of queries through forms, or the website chat. 

• Access to the private area of the Academy (materials and video platform).

• Statistical evaluation, analysis and further development of website services

• Advertising and optimization purposes

6. What is the legal basis for the processing of your data?

The processing of your data can be based on the following legal bases: 

• Express, prior and informed consent by users, e.g. for dropping cookies and other technologies or for tracking (user behaviour) or marketing measures (newsletter, commercial communications and information adapted to the user's profile) to be used. 

• Application of pre-contractual measures for the initiation or execution of contracts of sale and supply of licenses and/or professional services. 

• Application of contractual measures for the provision of services agreed between Borneo and its clients or suppliers.

• Legitimate interest in relation to the following purposes: 

  • Creation of user, customer and supplier profiles by processing data provided by users, customers and/or suppliers via the website as well as management of these profiles and data sets. 

  • Creation of profiles for sending information on promotions, latest news and personalised information adapted to the user's, customer’s or supplier’s profile.

  • Ensuring that our website remains secure, functional and well displayed. 

  • Understanding the needs, expectations and level of satisfaction of our users and customers. 

  • Improvement of our website services and products. 

  • Establishment, exercise or defence of legal claims.

• Compliance with legal obligations, e.g. to prevent fraud or money laundering or to ensure legally required collaboration with public authorities. 

7. How long do we keep your data?

Borneo processes your personal data only for as long as is necessary to achieve the purpose of the processing. We store your data, if you have consented to the processing, at most until you revoke your consent; if we need the data to perform a contract, at most as long as the contractual relationship with you exists (including the defence and enforcement of legitimate claims within the limitation periods); if we use the data on the basis of a legitimate interest, at most as long as your interest in deletion or anonymisation does not prevail.

In addition, data may be stored if this has been provided for by a legislator in regulations, laws or other provisions to which the controller is subject (including tax law, commercial law, combating money laundering, etc.). In these cases, the deletion of the data takes place after the expiry of the last retention period that legitimises the storage.

8. Which third party recipients is your data communicated to?

In general, Borneo will not pass on personal data to third parties, except in those situations, in which the data may be passed on to processors who provide services to Borneo, with the aim of managing the provision of services, the contractual and/or pre-contractual relationship with the interested parties or processing requests made by them. In these cases, we ensure that the recipients respect confidentiality and have the appropriate security measures in place to protect your personal data. 

Borneo tries to guarantee the security of personal data when it is sent outside the company. The third parties with which Borneo contracts are obliged to guarantee that the information is treated in accordance with current data protection regulations.

In those cases, in which the law requires the disclosure of personal data to public authorities or other parties, only what is strictly necessary for the fulfilment of such legal obligations will be disclosed by Borneo. 

Borneo gives personal data to:

• Google Suite: Borneo uses Google Suite in its relations with clients and potential clients. https://gsuite.google.es/intl/es/ 

• Slack: Borneo uses Slack as a method of internal communication . https://slack.com/intl/es-es/legal 

• Salesforce: Borneo uses the Salesforce application to keep customer and potential customer information up to date. https://www.salesforce.com/es/company/privacy/ 

• Hotjar: Borneo uses Hotjar's tool to understand the behaviour of web users. https://www.hotjar.com/legal/policies/privacy/ 

• Active Campaign: Borneo uses Active Campaign to send commercial marketing communications as well as to send communications to its clients. https://www.activecampaign.com/legal/terms-of-service 

• Typeform: Borneo uses Typeform to conduct surveys through forms https://admin.typeform.com/to/dwk6gt/ 

• Lead Forensics: Borneo uses Lead Forensic to analyse the users that visit our website https://www.leadforensics.com/privacy-policy/ 

• MixPanel: Borneo employs this software for the purpose of analytics that further enables our process development. These analytics improve the user experience for clients, as we are able to optimise the service. You may opt out of these analytics at any time by withdrawing consent via the cookie banner. Their privacy policy can be found at the following link: https://mixpanel.com/legal/privacy-policy

• Netlify: Borneo uses Netlify to host a part of our Service. To provide this service, Netlify may store your access logs including your IP address for up to 30 days. For more information on the privacy practices of Netlify, please visit the Netlify Privacy Policy web page:  https://www.netlify.com/privacy/ 

• YouTube: We have included YouTube (YT) videos on our website. The portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you call up a page on our website that has embedded a YouTube video, your browser automatically connects to the servers of YouTube or Google. Depending on your settings, various data is transferred. Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy. 

• Medium: We maintain an online presence on Medium to present our company and our services and to communicate with customers/prospects. Medium is a service of A Medium Corp, 799 Market St., 5th Floor, San Francisco, CA 94103, USA. Their privacy policy can be found at the following link: https://policy.medium.com/medium-privacy-policy-f03bf92035c9 

Please note this information if you are an European user:

Within the context of our website, personal data is transmitted to the United States of America and possibly other third countries and, thus, to an unsafe third country. Information that we collect from you will in this case be processed in the United States of America or other third countries. With regard to the United States of America, there is currently no adequacy decision of the European Union (Article 45 GDPR), which means that no level of protection comparable to the GDPR exists with regard to your personal data and any data subject rights and remedies. The same may apply to other third countries.

Against this background, our service providers and we strive to apply appropriate safeguards to protect your privacy and the security of your personal data. Therefore, our international data transfers are only carried out on the basis of contractual or other regulations provided for by law, which are intended to ensure adequate protection of your data and which you are welcome to view upon request. In doing so, we rely on the provisions set forth in Article 49 of the GDPR or, where applicable, on safeguards pursuant to Article 46 of the GDPR. 

In addition to the aforementioned, there might be international data transfers, including also personal data falling under GDPR application and protection, between Borneo (Singapore) and its subsidiaries in the US, India and Spain. In order to ensure an adequate level of protection for your data when it comes to these transfers, Borneo and its subsidiaries have established and implemented binding corporate rules within the meaning of Arts. 46 (2) and 47 of the GDPR, applying the GDPR standard throughout the Borneo group, which you are welcome to view upon request.

9. Where is your data stored? 

Borneo data collected and processed via or in the context of Borneo’s website is stored on Netlify servers. In order to guarantee a comparable level of protection for data sent outside the EU, Borneo implements adequate technical and organisational measures during transfer, storage and use. 

10.  What rights do you have and how can you exercise them? 

10.1. Your GDPR (European Economic Area - EEA) rights:

In the event that your personal data is processed, the GDPR – if applicable - grants you the following rights as a data subject. 

Please note: You can exercise these rights, except the right to lodge a complaint with a supervisory authority, at any time by simply sending an email to [email protected]. A complaint pursuant to Art. 77 GDPR must be lodged with a competent supervisory authority.

Please also note: When exercising your data subject rights under Art. 15 to 22 GDPR, the personal data provided by you in your request or inquiry will be processed in order to process your request or inquiry and to be able to provide evidence thereof. This processing is carried out in order to fulfill a legal obligation and/or to serve the legitimate interest of the controller in an evidence-based defense against official assumptions and legal claims.

Right of access (Art. 15 GDPR)

You have the right to request confirmation as to whether or not personal data concerning you is being processed; if this is the case, you have the right to access this personal data and the information detailed in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data relating to you and, if necessary, the completion of incomplete data without delay.

Right to erasure (Art. 17 GDPR)

You have the right to request the immediate deletion of personal data concerning you, provided that the conditions listed in Art. 17 GDPR are met. In these cases, your data will be deleted or rendered anonymous without delay, unless an exception or legal provision justifies further processing.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you dispute the accuracy of processed data or have objected to the processing. If you exercise this right, the restriction of processing shall apply at least for the duration of the review by the controller, so that during this period, apart from being stored, data concerned shall only be processed with your consent, for the assertion, exercise or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

Right to data portability (Art. 20 GDPR)

In certain cases, which are listed in detail in Art. 20 GDPR, you as the data subject have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party. If you request the direct transfer of the data to another controller, this will only be done insofar as this is technically feasible.

Right to object (Art. 21 GDPR)

If data is collected on the basis of Art. 6 (1) (lit. f) GDPR (data processing for the protection of legitimate interests) or on the basis of Art. 6 (1) (lit. e) GDPR (data processing for the protection of public interest or in the exercise of official authority), you have the right to object to the processing at any time on grounds relating to your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. (Art. 21 Abs. 1 GDPR)

If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes. (Art. 21 Abs. 2 GDPR)

Revocation of consent

You also have the right to withdraw your consent to the processing of personal data at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Right not to be subject to individual decisions (Art. 22 GDPR) 

You can request that decisions not be taken on the basis of automated processing alone, including profiling, which produces legal effects or significantly affects the data subject. 

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection provisions. The right of complaint can be asserted in particular before a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

10.2. Your CCPA (California Privacy) rights

Under California law, California residents are entitled to ask us for a notice identifying the categories of personal customer information that we share with certain third parties for marketing purposes, and providing contact information for such third parties. If you are a California resident and would like a copy of this notice, please submit a written request to us via email at [email protected]. You must put the statement "Your California Privacy Rights" in your request and include your name, street address, city, state, and ZIP code. We are not responsible for notices that are not labeled or sent properly, or do not have complete information.

California has passed a law called the California Consumer Privacy Act (CCPA). If the CCPA is applicable to you, you have the right to:

• know the categories of personal information collected about you in the prior 12 months and its sources and business purpose;

• know whether your personal information is sold or disclosed, and to whom, in prior 12 months;

• if “sale” of info, right to opt out of the sale of your personal information; 

• access and then delete your personal information (subject to exceptions); and

• equal service and price (non-discrimination) if you exercise your privacy rights. 

“Personal Information” is defined to include information that identifies, relates to, describes, or is capable of being associated with a particular consumer or household. This includes (among other types of personal information) IP addresses, geolocation data, biometric information, and “unique identifiers” such as device and cookie IDs, Internet activity information like browsing history, commercial information such as products or services purchased or consuming histories or tendencies, and characteristics concerning an individual’s race, color, sex (including pregnancy, childbirth, and related medical conditions), age (40 or older), religion, genetic information, sexual orientation, political affiliation, national origin, disability or citizenship status. 

Inferences drawn from personal information “to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes” are also considered “personal information.”

Contact us at [email protected] to exercise your CCPA rights. 

Request for Erasure. For identity verification purposes, Borneo requires anyone submitting an erasure request to submit the subject’s full name, email address, and home address related to the subject’s Borneo account or Borneo communications. Borneo will submit a verification email to the requestor who will be required to re-authenticate the request for erasure. Borneo relies upon this information to ensure the information on the correct individual is removed.

Do Not Sell My Information. We take your privacy seriously. We do not sell our members' information. We are not a data broker.

If you are a California resident, you can request information regarding the disclosure, if any, of your personal information by Borneo to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to [email protected], subject line: CCPA Request.

10.3. Your UK Rights

The current UK GDPR and the Data Protection Act 2018 provides our UK visitors with the same rights as European citizens. If you are a UK citizen, please contact us at [email protected] to exercise the following rights:

• Be informed about how your data is being used

• Access personal data

• Have incorrect data updated

• Have data erased

• Stop or restrict the processing of your data

• Data portability (allowing you to get and reuse your data for different services)

• Object to how your data is processed in certain circumstances

Borneo is paying close attention to the upcoming ‘Data Protection and Digital Information Bill’ (“DPDI Bill”) and will endeavour to ensure that your UK data protection rights are respected. 

10.4. Your Rights under the Information Technology Act Rights (India)

Your ("Data Subjects”) rights with respect to your personal information:

Your rights may differ depending on applicable data protection local laws. We respect your right to be informed, access, correct, request deletion or request restriction, portability, objection, and rights in relation to automated decision making and profiling, in our usage of your personal information as may be required under applicable law. We also take steps to ensure that the personal information we collect is accurate and up to date. Subject to such laws, you may have the following rights:

• You have the right to know what personal information we maintain about you;

• We will provide you with a copy of your personal information in a structured, commonly used and machine-readable format on request;

• If your personal information is incorrect or incomplete, you have the right to ask us to update it;

• You have the right to object to our processing of your personal information;

• You can also ask us to delete or restrict how we use your personal information, but this right is determined by applicable law and may impact your access to some of our services

• You can have the right to access your personal information

• You have a right to object to processing of your personal information where it is so conducted by automated means and involves any kind of decision-making 

Further, you have the option to file a complaint for suspected or actual violations of your data protection rights with the relevant supervisory authority if you are from EEA. 

Please note: You will also not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

10.5. Your rights according to Personal Data Protection Act 2012 (No. 26 of 2012) ('PDPA') (Singapore)

• Withdrawing your consent

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop collecting, using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within five (5) business days of receiving it.

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 7 above.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

• Access to and correction of personal data. 

If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.

Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

We will respond to your request as soon as reasonably possible. In general, our response will be within five (5) business days. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA).

11. Who is responsible for the accuracy and truthfulness of the data provided?

The user is solely responsible for the validity and correctness of the data included on the website, exonerating Borneo from any responsibility in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated as and when changes occur. The user agrees to provide complete and correct information in the contact or subscription form.

Borneo is not responsible for the validity of the information that is not of its own elaboration and of which another source is indicated, and therefore it does not assume any responsibility for hypothetical damages that could arise from the use of this information.

Borneo reserves the right to update, modify or eliminate the information contained in its web pages and may even limit or not allow access to this information. Borneo is exonerated from any responsibility for any damage or harm that the user may suffer as a result of errors, defects or omissions in the information provided by Borneo, provided that this information comes from sources other than Borneo.

12. What security measures do we apply to protect your personal data?>

Borneo has adopted the legally required levels of security for the protection of personal data and attempts to employ all those means and additional organisational and technical measures at its disposal to prevent the loss, misuse, alteration, unauthorized access and theft of personal data provided to Borneo. Nevertheless, the user must be aware that security measures on the internet are not impregnable. 

Therefore, Borneo is not responsible for any hypothetical damage or harm that may arise from interference, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operation of this electronic system, caused by reasons beyond the control of Borneo. Delays or blockages in the use of this electronic system caused by deficiencies or overloading of telephone lines or overloading of the data processing centre, the Internet system or other electronic systems, as well as damage that may be caused by third parties through illegitimate interference are to be considered beyond the control of Borneo. 

13. How do we use cookies?

The Borneo website and Social Networks use cookies and similar technologies:

• for the functionality, security and display,

• for statistical evaluation, analysis and further development, and/or

• for advertising and optimization purposes.

Similar technologies are technical tools that enable, for example, the identification of visitors and users or the evaluation of the use of our website without being a cookie, such as tracking pixels or LocalStorage. 

Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's system. If a user calls up our website, a cookie can thus be stored on the user's operating system or a tracking pixel can be triggered, for example. Cookies contain a characteristic string of characters that can, for example, uniquely identify the browser when you return to the website and are stored either temporarily for the duration of a session (session cookies), for a certain period of time or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Temporary cookies are deleted when time expires. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser. 

Cookies and similar technologies from third-party companies may also be stored or triggered on your device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies to store information about the source from which a user came to our website).

Technically necessary cookies and technologies are those without which our website is not functional and usable. This category only includes cookies and technologies that provide basic website functionality and security features. Technically necessary cookies and technologies can be set without the user's consent.

Non-essential cookies and technologies are all cookies and technologies that are not necessary for the pure functionality and security of the website and are used specifically for the purpose of collecting personal data from the user, for example, through tracking, ads and other embedded content. Non-essential cookies and technologies (for example, cookies for marketing, advertising, statistical evaluation or analysis purposes) require your prior informed consent. 

We request this consent via our cookie banner when you visit our website, unless you have already consented to the use of our cookies and technologies during a previous visit to our website. If you consent to the use of cookies and technologies, we and, if applicable, third parties will process the data collected through this on the basis of your consent. You can revoke your consent at any time via our website function "Cookie Settings" with effect for the future. In this case, the use of the cookies and technologies concerned and the processing carried out by us via them will be stopped immediately. The legality of the processing carried out on the basis of your consent until your revocation remains unaffected.

By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Depending on the browser you are using, you may also be able to set your browser so that you are informed about the setting of cookies, that cookies are only allowed in individual cases, that the acceptance of cookies is excluded for certain cases or in general and/or that cookies are automatically deleted when you close the browser. Cookies that have already been stored can also be deleted at any time via the browser settings. If cookies are deactivated for the website, however, it may no longer be possible to use all functions of the website to their full extent. 

14. UK Representation

As we do not have an establishment in the United Kingdom (“UK”), we have appointed a representative who you may address if you are a UK-based customer and wish to raise any issues or queries you may have relating to our processing of your personal data and/or this privacy policy.

Our UK representative is:

The DPO Centre, 50 Liverpool Street, London EC2M 7PY, UK

Our UK representative can be contacted directly:

+44 (0) 203 797 1289

[email protected]

15. Modification of the privacy policy

We reserve the right to change this privacy policy at any time with effect for the future. As this privacy policy might thus be subject to change, we encourage you to review the privacy policy from time to time. 

Date: September 9, 2022