Single Arrows_RGB

Data Regulation Compliance

DDI’s commitment to data protection

As our world is increasingly guided by digital technologies that collect data about individuals, DDI is committed to protecting the personal data with which we are entrusted by our clients, vendors, partners, and employees. 

DDI has dedicated resources, policies, and processes to data protection, including appointing a Data Security Office and a Data Protection Officer who routinely monitor global standards. Furthermore, we understand that data protection requires the commitment of every associate in our organization and require each of our associates to regularly complete data security training to ensure the highest standards of data protection. We also require our vendors to meet our standards for data privacy.

Don't assume that partners and vendors are taking care of data unless they can prove it. Partnering with a non-compliant organization leaves you open to unnecessary risks with your reputation, money, and most importantly, your people. Are you willing to take that risk?

What our commitment means to you

Having a partner that is focused on compliance with latest data protection trends and requirements means:

How we keep your information safe

ISO 27001 Certification

To achieve ISO 27001 certification, DDI implemented technical, organizational and administrative security measures to protect your information from unauthorized access, disclosure, misuse, alteration, accidental loss or destruction. In addition, we align our product systems to the ISO 27001 framework. Technical measures to protect information include data encryption, access controls, and vulnerability management.

Compliance with General Data Protection Regulations (GDPR)

Effective May 25, 2018, a new privacy mandate called the General Data Protection Regulation (GDPR) took effect. The GDPR expands the privacy rights of residents of the European Union and placed new obligations on service providers like DDI which control and process personal data from the EU. As the new era of data privacy unfolds, DDI views regulations like GDPR as an opportunity to deepen our commitment to privacy and data protection internally and with our global clients.

To us, compliance goes beyond policies and system settings, requiring both organizational and cultural shifts; it demands a partnership between DDI, its sub-processors, and our customers. DDI is committed to GDPR compliance throughout our operations and in the delivery of service to our global clients. We are also dedicated to helping our customers comply throughout our partnership. DDI continues to make enhancements to our products, contracts, and documentation to minimize risk to data we process. We are also raising the awareness and competence of our associates to support global compliance.

In accordance with the GDPR, DDI processes personal data limited to the purpose for which it was gathered and per the consent provided to the individual, including:

In accordance with the GDPR, DDI upholds the rights of European Union residents to receive a timely response to requests to access, correct, erase, or, in some cases, transfer personal data. 

Compliance with the California Consumer Privacy Act (CCPA)

Effective January 1, 2020, the California Consumer Privacy Act (CCPA) allows California residents to request from a business that collects personal information to give consumers access to and/or deletion of the personal information collected. Terms used in this CCPA Notice but not defined here will have the same meaning as defined under the CCPA.

Business purposes can include such things as: providing our Services, maintaining and servicing accounts, providing customer service, processing or fulfilling orders and transactions, performing analytics and quality control, auditing transactions, researching and testing features and improvements, detecting and preventing fraud and security incidents, debugging or repairing technical errors, and marketing our Services.

DDI may share or allow third parties to collect personal information through our Services for business purposes we’ve described in our Privacy Policy.

Categories of personal information collected and disclosed. The categories of personal information collected and disclosed to third parties for business purposes by DDI are listed in the “Information Collection” section of our Privacy Policy.

In accordance with the CCPA, if you are a California resident using the Services, you have the following rights:

Your rights under CCPA may be exempted as permitted under the statute, particularly if you use the Services as an employee or agent under a business account. DDI expressly reserves all rights to claim legal exemptions permitted under the CCPA.

California Online Privacy Protection Act

In compliance with CalOPPA, we have hereby posted this conspicuous Policy to the public, indicating the personal data being collected and the manner in which it may be disclosed and with whom. Accordingly, our users may visit our Site using anonymous browsing, this Policy linked in our home page, with the link including the word ‘Privacy’ or similar. We also comply with Policy change notification to our users and provide mechanisms that allow our users to manage their personal data personal information.

Compliance with Required Data Disclosure Mandates

DDI may be required to disclose your information to comply with applicable laws (including laws outside of your individual state, province, or country of residence), regulations, court orders, government and law enforcement requests, including national security or other law enforcement requirements. Additionally, if we reasonably believe that it is necessary or appropriate, we reserve the right to use or disclose your information to allow us to pursue available claims or remedies and protect our legal rights, property or the safety of our employees, users or others, to the extent allowed by applicable law. This includes exchanging information with companies and organizations for the purposes of fraud detection.

Data Protection Officer

To ask any questions about DDI's data protection policy or compliance to the regulations listed above, please contact our data protection officer at DataProtectionOfficer@ddiworld.com or at 412-376-5803.

Additional European resources are also available for questions.

Further resources:

Explore how DDI secures data
Read our Privacy Policy
GDPR regulation
Submit a data request
Visit this page to select the type of marketing emails you'd like to receive from us or to unsubscribe.

This page has been developed to share DDI’s point of view and commitment to data protection. It should not be considered and does not constitute legal or professional advice. Organizations should seek their own legal counsel’s advice on interpretation of the data protection and privacy regulations and in relation to their business operations, products and services.