Data Regulation Compliance
DDI’s commitment to data protection
As our world is increasingly guided by digital technologies that collect data about individuals, DDI is committed to protecting the personal data with which we are entrusted by our clients, vendors, partners, and employees.
DDI has dedicated resources, policies, and processes to data protection, including appointing a Data Security Office and a Data Protection Officer who routinely monitor global standards. Furthermore, we understand that data protection requires the commitment of every associate in our organization and require each of our associates to regularly complete data security training to ensure the highest standards of data protection. We also require our vendors to meet our standards for data privacy.
Don't assume that partners and vendors are taking care of data unless they can prove it. Partnering with a non-compliant organization leaves you open to unnecessary risks with your reputation, money, and most importantly, your people. Are you willing to take that risk?
What our commitment means to you
Having a partner that is focused on compliance with the latest data protection trends and requirements means:
- Enhanced trust between your organization and your employees regarding data integrity and how their personal data is used.
- Confidence that data entrusted to DDI is being handled in a safe manner.
- The highest level of confidentiality of all data and information about employees from individual contributor to the CEO.
- Transparency around how we manage data (processing, sharing, and retention); we encourage our clients and partners to do the same.
- Commitment to employ best practices in privacy, security, and data protection.
- Accountability for managing our processes to minimize risk to our customer data.
How we keep your information safe
ISO 27001 Certification
To achieve ISO 27001 certification, DDI implemented technical, organizational and administrative security measures to protect your information from unauthorized access, disclosure, misuse, alteration, accidental loss or destruction. In addition, we align our product systems to the ISO 27001 framework. Technical measures to protect information include data encryption, access controls, and vulnerability management.
Compliance with the General Data Protection Regulation (GDPR)
On May 25, 2018, a new privacy mandate called the General Data Protection Regulation (GDPR) took effect. The GDPR expands the privacy rights of residents of the European Union and places new obligations on service providers like DDI that control and process personal data from the EU. As the new era of data privacy unfolds, DDI views regulations like GDPR as an opportunity to deepen our commitment to privacy and data protection internally and with our global clients.
To us, compliance goes beyond policies and system settings, requiring both organizational and cultural shifts; it demands a partnership between DDI, its sub-processors, and our customers. DDI is committed to GDPR compliance throughout our operations and in the delivery of service to our global clients. We are also dedicated to helping our customers comply throughout our partnership. DDI continues to make enhancements to our products, contracts, and documentation to minimize risk to data we process. We are also raising the awareness and competence of our associates to support global compliance.
In accordance with the GDPR, DDI processes personal data limited to the purpose for which it was gathered and per the consent provided to the individual, including:
- The provision of contractual services.
- For research purposes.
- In a manner that ensures appropriate security measures.
- After we have consent to do so.
In accordance with the GDPR, DDI upholds the rights of European Union residents to receive a timely response to requests to access, correct, erase, or, in some cases, transfer personal data.
Compliance with the California Consumer Privacy Act (CCPA)
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) allows California residents to request that a business that collects personal information give them access to and/or delete the personal information collected. Terms used in this CCPA Notice but not defined here will have the same meaning as defined under the CCPA.
- DDI does not sell your personal information to third parties.
- DDI discloses personal information for business purposes only.
Business purposes can include such things as: providing our Services, maintaining and servicing accounts, providing customer service, processing or fulfilling orders and transactions, performing analytics and quality control, auditing transactions, researching and testing features and improvements, detecting and preventing fraud and security incidents, debugging or repairing technical errors, and marketing our Services.
In accordance with the CCPA, if you are a California resident using the Services, you have the following rights:
- To request the categories of personal information that the business collected about you.
- To request the categories of personal information that the business disclosed about you for a business purpose.
- To request deletion of the personal information the business has collected from you, subject to certain legal exceptions.
- The right to be protected from discrimination for exercising your CCPA rights. Businesses are prohibited from discriminating against you for exercising your rights under the CCPA, including by: (A) denying you goods or services; (B) charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; (C) providing you with a different level or quality of goods or services; or (D) suggesting that you will receive a different price, rate, level, or quality of goods or services. Nothing prohibits a business from charging a different price or providing a different level or quality of service if the difference is reasonably related to the value provided to the consumer by the consumer’s data.
Your rights under CCPA may be exempted as permitted under the statute, particularly if you use the Services as an employee or agent under a business account. DDI expressly reserves all rights to claim legal exemptions permitted under the CCPA.
California Online Privacy Protection Act
In compliance with CalOPPA, we have posted this conspicuous Policy to the public, indicating the personal data being collected, the manner in which it may be disclosed, and with whom. Accordingly, our users may visit our Site using anonymous browsing, and this Policy is linked on our home page, with the link including the word ‘Privacy’ or similar. We also comply with the requirement to notify our users of Policy changes and provide mechanisms that allow our users to manage their personal data.
Compliance with Required Data Disclosure Mandates
DDI may be required to disclose your information to comply with applicable laws (including laws outside of your individual state, province, or country of residence), regulations, court orders, government and law enforcement requests, including national security or other law enforcement requirements. Additionally, if we reasonably believe that it is necessary or appropriate, we reserve the right to use or disclose your information to allow us to pursue available claims or remedies and protect our legal rights, property or the safety of our employees, users or others, to the extent allowed by applicable law. This includes exchanging information with companies and organizations for the purposes of fraud detection.
Data Protection Officer
To ask any questions about DDI's data protection policy or compliance with the regulations listed above, please contact our data protection officer at DataProtectionOfficer@ddiworld.com or at 412-376-5803.
Additional European resources are also available for questions.
This page has been developed to share DDI’s point of view and commitment to data protection. It should not be considered and does not constitute legal or professional advice. Organizations should seek their own legal counsel’s advice on interpretation of the data protection and privacy regulations and in relation to their business operations, products and services.