SaaS Privacy Notice
Rocket Software (“Rocket,” “we” or “us”) has issued this Global Data Protection and Privacy Notice (“Notice”) to describe how we handle personal information that you may provide to us for your use of our SaaS solutions, as specified below.
We respect the privacy of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This Notice sets out the personal information that we collect and process about you, the purposes of the processing and the rights that you have in connection with it.
If you are in any doubt regarding the applicable standards, or have any comments or questions about this Notice, please contact us at the contact details in Section 10 below.
2. The Types of Personal Information We Collect
We may require basic information which identifies you as an individual (“Personal Information”), such as your name, email address and phone number, in order to transact business with you, on behalf of the company you work for, as our customer. We will only use such Personal Information for the purposes of providing information which you have requested, fulfilling business transactions, or for other purposes set out in this Notice.
Rocket may also collect Personal Information indirectly from third parties, such as our business partners, or members of your Community.
We may collect the following information, depending on the SaaS application being used:
- Name: first name and last name
- Job title or description
- Company or organization name
- Company address, including country
- Contact information including email address and telephone number(s)
- User names (account alias) and passwords according to the SaaS product specifications to allow users to login and use the SaaS product
- ENGDAT (Engineering Data Message) routing address for OFTP (Odette File Transfer Protocol) based file exchanges
- Time zone and date/time preferences for SaaS product usage
- IT information required to provide access to systems and networks such as IP addresses, log files and login information, encryption generation keys
- Information pertinent to fulfilling business transactions on a customer’s behalf, such as files uploaded by a user to a SaaS product to be processed by the application’s functionality, system generated emails
- Meta Data, such as logs, for usage information and activity logs, with identifying characteristics such as creator or author of a transaction, names of individuals who have accessed or downloaded file(s), the time file(s) were accessed or downloaded, IP addresses of users.
- SaaS product administration activity such as adding and deactivating users, management of the generation of encryption keys
We do not collect sensitive information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, or data concerning health or sexual orientation.
3. Purposes for Processing Personal Information
3.1 Business Transactions with Customers
We process Personal Information through Rocket’s global IT systems, which include tools and systems that help us to administer customer accounts, orders and business transactions and share information across Rocket systems, and with related corporate entities, as described in Section 4.1 below. This includes transferring Personal Information to our servers in the US (see also Section 6.1 below). Our parent company in the US, Rocket Software, Inc. may host these servers or utilize third party servers and applications, but in either case will be responsible for the security access of Personal Information on the systems.
3.2 SaaS Products
You may provide Personal Information to Rocket through our “registration” page, by processing orders, or by participating in a Community, in order to use the SaaS products which run on Rocket's multi-tenant SaaS platforms (e.g., TRUcore), or as standalone single tenant instances as follows:
- TRUcore SaaS products:
- TRUexchange allows users to securely exchange their product design data between members of either their private or public partner user community (“Community”).
- TRUsource allows users to manage, create and distribute request for quotation (RFQ) packages to Community members.
- TRUcentrix is a dedicated solution for a user to manage document and data-based collaboration and workflow activities with their Community with a specific location or controls. This application may also be hosted on a third party cloud platform upon customer request, at a location in the United States, Ireland, India or elsewhere as directed by customer and agreed by Rocket.
- EDX enables a customer to process secure EDI transactions with document translation and communication management services with its trading partner companies, with specific versions and instances, in the US and the EU.
We may make use of Personal Information that we collect to help us administer the SaaS products and platforms:
- To analyze system usage to help maintain the operational system
- To enable you to access customer support portals or to provide customer support services to you
- To optimize system operation based on usage and enable future product development and improvements
- To enable our compliance with export control and other laws and regulations
The Internet is a global environment and using the Internet to collect and process data can involve the transmission of data on an international basis. By using our SaaS products and communicating electronically through the SaaS products, you acknowledge our processing of data in this way.
The SaaS products allow users to send documents and communicate with other users. Rocket is not responsible for the data protection or privacy practices or the content of other users’ sites. When your communications leave our platforms, we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites and such sites are not governed by this Notice. You should review the data protection and privacy statements applicable to such sites.
If you do not wish us to make use of your Personal Information in this way, please email [email protected].
3.3 Other legitimate business purposes
We may also collect and use Personal Information when it is necessary for other legitimate purposes, such as to help us conduct our business more effectively and efficiently, for example, for general IT resourcing on a global level and information security/management.
3.4 Legal purposes
We also may use your personal information where we consider it necessary for complying with laws and regulations, or to exercise or defend the legal rights of the Rocket global group of companies.
4. Who We Share Your Personal Information With
4.1 Within Rocket
Employees, contractors and agents of Rocket may be given access to Personal Information which we collect, but their use will be limited to the performance of their duties and the reason for processing. Our employees, contractors and agents who have access to your Personal Information are required to keep that information confidential and are not permitted to use it for any other purposes.
Personal Information may be shared among related entities within the Rocket group of companies, including Rocket Software Inc. (“RSI”) in the United States. As the parent company, RSI provides products, support and operations services, and centralized corporate functions to its subsidiaries. Rocket’s subsidiaries include: Rocket Software (Beijing) Co., Ltd., Rocket Software Canada, Inc., Rocket Software Pty. Ltd., S.A.S. Rocket Software France, Computer Corporation of America (Intl) Ltd., Rocket Software B.V., Rocket Software Deutschland GmbH, Rocket Software UK Limited, Rocket Software Japan Ltd., Computer Corporation of America, and Rocket Software Development India Pvt. Ltd. (For a list of Rocket global locations, please see: http://www.rocketsoftware.com/company/locations.)
Rocket data centers for the SaaS solutions are located in Germany and the United States.
4.2 Business Partners and Service Providers
Rocket will never sell, rent or disclose to unaffiliated third parties your Personal Information unless we have your permission or are required by law to do so. When we permit a third party to access Personal Information, we will implement appropriate measures to ensure the information is used in a manner consistent with this Notice and that the security and confidentiality of the information is maintained.
Rocket discloses the Personal Information it collects to the following third parties:
- Business partners for the purposes of providing services, support and products to customers
- Third parties where disclosure is required or authorized by law
- Service Providers who provide business services to us. We do so on a "need to know basis" and in accordance with applicable data privacy law.
Rocket has entered into Data Protection Addenda with its third party subprocessors as applicable. A list of such subprocessors is available at:
4.3 Lawful Grounds
We may disclose Personal Information to third parties on other lawful grounds, including:
- To comply with our legal obligations, regulation or contract, or to respond to an administrative or judicial process
- In response to lawful requests by public authorities (including for national security or law enforcement purposes)
- If necessary to exercise or defend against potential, threatened or actual litigation
- If necessary to protect the vital interests of another person
- In connection with the sale, assignment or other transfer of all or part of our business, or
- With your consent.
5. Controlling Your Personal Information
You can request correction, update and deletion of your Personal Information via e-mail sent to [email protected], and we will use reasonable efforts to contact you regarding your request. To update or delete your Personal Information or correct an inaccuracy, we may ask you to verify your identity and cooperate with us in our effort.
6. EEA Residents Only
6.1 Transfer of Personal Information
As we operate at a global level, we may need to transfer Personal Information to countries other than the ones in which the information was originally collected. When we export your personal information to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer personal information from the European Economic Area to a country outside it, such as the United States, we will implement an appropriate data export solution such as entering into EU standard contractual clauses with the data importer, or taking other measures to provide an adequate level of data protection under EU law.
6.2 Privacy Rights
If you are a resident of the European Union, you can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. You can exercise these rights by contacting us using the contact details provided in Section 5 above.
You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. If we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
7. Data Retention
Personal Information will be retained no longer than necessary in relation to the business purposes for which such Personal Information is provided and to fulfill legal requirements.
We are committed to ensuring that your information is secure. We have put in place appropriate technical, physical and administrative procedures to safeguard and secure the information we collect in order to prevent unauthorised access or disclosure.
9. Updates to This Notice
Rocket reserves the right, in its discretion, to make changes to any part of the SaaS products, platforms or this Notice. Rocket may change Notice from time to time by updating this page. You should check this page from time to time to ensure that you are aware of any changes. This Notice is effective from May 25, 2018. By continuing to use the SaaS products and services, you consent to this Notice as amended.
10. Contact Information
If you have any questions about this Notice, or wish to make a complaint about our data handling practices, you may contact:
Data Protection Officer
Rocket Software UK Limited
4 Roundwood Avenue
Uxbridge, UB11 1AF United Kingdom
0800 520 0439 (toll free)
Email: [email protected]
We will investigate any complaints received in writing and do our best to resolve them with you as soon as possible.