This website (“Scope Accounts”) is operated by Scope Ratings GmbH.
Personal data means any information which relates to a specific person (“Personal Data”).
This Policy sets out the basis on which any Personal Data collected from or provided by the users, clients or subscribers of Scope Accounts website (“You” or “Data Subjects”), will be processed by the Data Controller.
Please read the following carefully to understand Our views and practices regarding Your personal data and how they will be treated.
The provisions set out in this Policy are regulated by and aligned with the General Data Protection Regulation – Regulation (EU) 2016/679 (“GDPR”).
For more information on the legal framework of this policy please consult the GDPR text at (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en).
The type of data that the Data Controller may need to collect vary according to the business relationship with the Data Subject:
Clients and Subscribers: the Data Controller will request only information that is strictly necessary for the fulfillment of the contract that a client signs with the Data Controller and for the provision of its services; for example, some of the information the Data Controller may need are:
The collection of personal data through Scope Accounts website is driven by the principle of “contractual necessity”: any personal information that the Data Controller collects from the Data Subjects is necessary and functional to achieve and fulfil the specific, defined and legitimate purposes which are determined and made explicit in the contract between the Data Controller and the Data Subject.
As an example, We will request personal information to:
We collect personal information from a variety of sources and mainly:
Whatever method is used to collect personal information, the Data Controller is committed to always accurately and promptly inform the Data Subject and to request his explicit consent.
The personal data collected through Scope Account website are processed and handled following the key principles highlighted below:
Minimization: only those personal data which fit the purpose of the contract between the Data Controller and the Data Subject will be collected; the type of personal data that will be required will be determined on a case by case basis;
Integrity: the information collected from the Data Subject will be kept confidential by the Data Controller at any time; in case of personal data being transferred from one entity to another within Scope Group, the Data Subject will be promptly informed when signing a contract with the Data Controller (through a Declaration of Consent) or as soon as the transfer; becomes necessary; the standards of data confidentiality will be maintained unchanged;
Limited storage: the Data Controller will only keep personal data from the Data Subject as long as they are needed for the fulfilment of the business purpose as indicated in the contract between the parties; once the business purpose ceases, personal data will be permanently deleted after a retention period that varies from a minimum of six months to a maximum of ten years depending on each specific case;
Security: the Data Controller is committed to keep personal data it stores secure at any time against internal and external threats such as, but not limited to, accidental loss, unauthorised access and use; however, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through the Properties or services, we cannot and do not guarantee the security of any information you transmit on or through the Properties or services, and you do so at your own risk.
While performing some of its business activities, the Data Controller may use external service providers who mostly operate in the technology environment.
The Data Controller is committed to promptly notify the Data Subject in case his/her personal data are transferred to any of these external providers and to accurately explain the nature, purpose and duration of the transfer.
The Data Controller is also accountable for granting that the same standard of protection on personal data belonging to its clients/suppliers is also observed by its external service providers.
The Data Controller mainly operates in EU and EEA Member States, which are subject to the legal provisions set out in the GDPR on personal data protection.
The Data Controller is committed to keep personal data from Data Subjects secure and to treat them confidentially at all times.
To ensure personal data are handled accurately, the Data Controller is accountable of granting that:
In case a breach of personal data occurs, the Data Controller is responsible of notifying the Data Subject(s) affected promptly and efficiently and to swiftly take any necessary actions that could help reducing the impact of the breach.
Specifically, in the event of a data privacy breach:
The Data Controller is also committed to perform an exhaustive and thorough investigation both internally and externally (with the involvement of the supervisory authority if needed) on the root cause of the breach and to take any corrective measure in a timely manner, to help preventing the breach to occur in the future.
|_ga||Cookie used by Google Analytics to distinguish users (https://developers.google.com/analytics/devguides/collection/analyticsjs/cookieusage)|
|_gid||Cookie used by Google Analytics to distinguish users (https://developers.google.com/analytics/devguides/collection/analyticsjs/cookieusage)|
|_twitter_sess||Cookie used by Twitter to view Twitter social status|
|LANG||Keeps language preference of user|
|JSESSIONID, ASID||Keep user credentials to avoid log out when reloading the page|
Scope Accounts websites uses plug-ins for social media platforms which allow You to share information or to follow Us on Your social media’s profile.
When You click on the plug-in button, the social media will automatically receive the information on the page You visited and on the content You viewed.
For more details on data protection policy for each social media, please visit the following pages:
Although some of the personal data are held and handled by the Data Controller, Data Subjects remain the owner of this information and, as such, they keep the following rights:
Right to access the data: Data Subjects have the right to access any information concerning them held by the Data Controller; additionally, the Data Controller takes any reasonable steps to ensure that the personal data it holds for its customers are kept up to date and accurate;
Right of revocation: at any time, the Data Subject can withdraw the consent for the handling and processing of his/her personal data by the Data Controller; the Data Subject can also change the level of consent, i.e. not withdrawing it entirely, but restricting its applicability; requests to revoke personal data should be sent via email to email@example.com;
Right of erasure: Data Subjects have the right to request the complete deletion of their personal records held by the Data Controller: requests to delete personal data must be submitted via email to firstname.lastname@example.org; this right does not apply if there is a legal or official obligation to store this data;
Right of data portability: personal data can be transferred to another service provider upon request from the Data Subject; this right is only applicable to information which the Data Subject he or she has provided to the Data Controller;
Right to complain: Data Subjects have the right to object the way personal data are processed by the Data Controller and they have the right to raise a complain directly with the local supervisory authority.
The Data Controller is committed to keep the personal data it stores up to date and accurate, nevertheless it is the Data Subject’s responsibility to promptly notify the Data Controller of any relevant change that may affect the personal records it keeps.
Data Protection Officer:
Scope SE & Co. KGaA
Phone +49 30 27891-0
Fax +49 30 27891-100
Scope Ratings GmbH
+49 30 27891-0
+49 30 27891-100
Managing Director: Torsten Hinrichs
Commercial Register Berlin: HRB 192993 B
Berliner Beauftragte für Datenschutz und Informationsfreiheit