Last Updated May 24, 2018
This Policy sets out how RCS uses and protects any information that you give RCS when you use our online services. RCS is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our services, you can be assured that it will only be used in accordance with this Policy. This Policy is in compliance with the requirements of the European Union’s General Data Protection Regulation (GDPR) which came into force on May 25, 2018. This policy does not diminish any additional rights you may have under the laws of your country.
WHO WE ARE
Within this policy, “RCS” refers to any entity within the RCS (Radio Computing Services) group of companies which include, in the United States of America, iHeartMedia Management Services Inc. (iHeartMedia) and, in the European Union, Radio Computing Services (UK) Ltd, RCS Europe sarl and associated branch offices, RCS Europe SARL, Niederlassung Deutschland, RCS Europe SA, France, Filial Sverige and RCS Europe sarl (SP. Z O.O.) Oddzial W Polsce. This policy applies to all RCS companies in the European Union and to iHeartMedia in the event that it processes personal data of individual persons located in the European Union. Where we use the acronym RCS, we refer to any or all of the foregoing entities, as the case may be, or depending on the country you are in. All other RCS offices outside Europe have agreed to operate under this Policy. A full list of those non-European offices, together with relevant contact details, can be found here: https://www.rcsworks.com/worldwide/
2) LEGITIMATE INTERESTS
As a technology company serving broadcasting companies worldwide, RCS leverages robust, state-of-the-art methods to optimize communication between ourselves and our customers and their employees. At present, the most immediate and universally supported communication method is email. It is in the legitimate interests of RCS to use email, cellphones and landlines to apprise customers and prospects regarding the status of their software and hardware purchases; to provide timely updates regarding the progress of support issues; to send advisories regarding account security or planned service outages; and to determine customer preferences and priorities in the marketplace.
Many RCS products support real-time, mission critical processes at customer sites – usually radio and television studios – and timeliness of communication is essential. RCS stores the minimum amount of personal data (as defined in the GDPR) necessary to accomplish this, and because many other companies employ these techniques, users are accustomed to and would expect to hear from RCS by email, cellphones and landlines with respect to these matters, throughout the lifetime of their relationship with us.
3) PERSONAL DATA WE COLLECT
We may collect and store the following information about you:
a) Your name
b) An email address that you provide or that is provided to us by your manager.
c) A phone number that you provide or that is provided to us by your manager.
d) A User ID that can be based on your name, can be the same as your email address, or something unique of your own choosing within certain parameters.
e) A password of your own choosing within certain parameters. This password is protected by technology that does not facilitate recovery of the original password from the information stored in our database so it is not personal data that we process.
f) Which RCS client businesses you are affiliated with and your title at each.
g) The date you last interacted with RCS by:
i. Opening a support issue with the support departmenth) The date you last obtained a software license, including over the phone, if our record identifies you personally.
ii. Requested a product quote for a hardware or software system
iii. Logged into the RCS website at rcsworks.com or rcssupport.com
iv. Sent a database using RCS Data Exchange
v. Sent an email to a support issue address relating to one of your support issues
vi. Subscribed or unsubscribed to new product release email notifications
4) HOW WE USE THE INFORMATION WE GATHER
RCS will use your name, User ID and email address to authenticate you and to provide online services to the customer you represent for downloading files, participating in support issues and updating your software licenses. We use it to identify which notification options or subscriptions you select on our websites. When you activate these subscriptions, you allow RCS to contact you by email to advise you of the status of your support incidents or notify you about new versions of the software products you use.
RCS may also contact you to advise you of planned unavailability of the services you use, to ask you about the RCS products or other software products you use, or ask you about your experiences dealing with our support, training and installation departments.
Data collected by RCS is primarily used to interact with customers to provide service and support, and to ensure the security of the customer’s account. At times RCS will send marketing and survey materials to you.
5) SHARING YOUR INFORMATION
No RCS entity shares any personal data with any other entity whether outside or within RCS. Personal data cannot be accessed through the iHeartMedia-owned data center held in the United States.
6) SECURITY OF YOUR INFORMATION
We are committed to ensuring that your information is secure by using commercially-reasonable technical, administrative and physical security measures designed to protect your information. For example:
RCS web and database servers are configured to use only the latest security protocols. Database access is secured through non-default, complex passwords. The data integrity methods (firewall, etc.) have been provided by the parent company, iHeartMedia, and meet current industry standards for security. All security updates are applied in a timely manner to the systems employed.
RCS parent company, iHeartMedia, routinely performs penetration testing on network nodes to ensure the security technology and protocols are adequately protecting the network and stored information.
If a breach of security and the breach is likely to pose risk to the persons whose data is impacted, RCS will report the breach to impacted individuals.
The RCS IT department is instructed to identify and report any issues of data breach to the designated company officer who will ensure compliance with the above requirement.
7) INFORMATION WE STORE
RCS may store information in the following ways:
a. When you log into our websites
When you log into our websites, including rcsworks.com, rcscommunity.com and rcssupport.com, RCS will store:
i. The date you last logged into one of the RCS websites
ii. The names of any software files you downloaded from the Download area of the site
iii. The dates and contents of any chat sessions you participate in with RCS.
i) Your user name
ii) A double-hashed copy of your password.
The cookies are set to expire two weeks from the time they are set.
On rcssupport.com, if you enable the “Remember Me” option during login, RCS stores your User ID and a hash of your password in a cookie which expires after 1 year.
c. When you use RCS Internet Licensing
When you use RCS Internet Licensing, RCS will store:
i. The IP address used to contact the licensing server, which may reveal your approximate location
ii. The call letters, database name and tag number of the database(s) or products you license
iii. The product, expiration date and other information about the metrics of the license granted, if any.
d. When you use RCS Data Exchange
When you use RCS Data Exchange to send a database, RCS will store:
i. The IP address used to send the data, which may reveal your approximate location
ii. The contents of the text message you provide in the transmission
iii. The name, call letters and contents of the product database you send. The database contents can optionally be encrypted when sending if you make use of the Private Password function.
iv. The email address(es) of the recipient(s) of your transmission
Your password is known only to you and is not accessible by RCS.
RCS will maintain your messages and recipients' information for up to one year. It is not shared with third parties. RCS may anonymously gather statistics about the frequency at which people use RCS Data Exchange or other statistics about the health and resources of the web servers used to run the service.
RCS does not allow its employees to access the contents of the messages or databases you send via RCS Data Exchange, unless the transmission is sent to at least one member of the RCS staff using their current RCS employee email address. In these cases, the database contents are not further shared outside of RCS. If your Data Exchange transmission is related to an ongoing support issue you report to RCS, we may keep your data for up to six months from the date your issue is marked as being resolved.
e. When you use RCS Software Products
When you use certain RCS software products, the products may collect usage data. This data indicates which features of the program you use, when and for how long. This data will be anonymous and will not contain your personal information or any information about your station’s database or settings. The usage information will be sent to RCS at periodic intervals.
Because of the mission-critical nature of broadcast software, and the reasonable performance expectations of our legally contracted customers, RCS may collect code exceptions within its products. Exceptions are reports of instances where the program did not run in the expected manner. The exception reports contain the name of your computer, your User ID, your database name, licensee name and details of the exception. They may contain information about the operating system and software version running on your computer.
If you do not wish to have this information collected, you may modify the behavior by disabling Anonymous Usage Tracking and/or Send Exceptions to RCS in the Settings page of the software program. Changing these settings will not affect the behavior of the product in any other way.
8) CONTROLLING YOUR PERSONAL INFORMATION
You may choose to restrict the collection or use of your personal information from your profile page when you login to rcssupport.com.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
You may request details of personal information which we hold about you. If applicable, we will promptly correct any information found to be incorrect. Contact your local RCS office for assistance.
9) REMOVAL OF YOUR PERSONAL INFORMATION
RCS will erase your personal information from our systems after two years of inactivity from the last date of interaction.
You may revoke your personal information from our systems at any time by invoking the “Remove My Information” button on your Profile page, which appears after you log in at the rcssupport.com website. Upon activating the mechanism to remove all your personal information, your name, email address and phone number will be permanently removed from the databases used at RCS to manage services. The history of your interaction with the company with respect to downloads, software licenses, support issues or other online preferences will be anonymized with no traceability to your identity.
10) MANAGING PERSONAL INFORMATION
You have the right as an individual to manage the personal data we hold about you and make amendments to it if this is necessary and to withdraw any consent in relation to the use of your personal data that you may have given us. If you exercise any of your rights, RCS may ask for information from you to confirm your identity and, where applicable, to help RCS find your personal data. We will respond within 30 days after we receive a valid request backed up by suitable evidence of your identity. The specific rights you have are as follows:
- to request a summary of the personal data we have about you
- to correct and update your personal data
- to withdraw your consent (where we have requested and you have given it to enable RCS to send you any general information that is not strictly necessary under any contract nor is within our legitimate interests to send to you)
- to object to certain kinds of processing of your personal data such as automated processing and profiling
- to erase your personal data or restrict its use
- to complain to the RCS-nominated supervisory authority in the European Union which is the Datainspektionen in Sweden. The Datainspektionen may be contacted at PostaddressBox 8114, 104 20 Stockholm, Sweden (https://www.datainspektionen.se/in-english/contact-us/)
11) CHANGES TO THIS POLICY
We reserve the right to update this Policy to reflect changes to our information practices by prominently posting notice of the update on our Sites, and as required, obtaining your consent. Any updates will become effective immediately after posting the updates to this Policy and apply to all information collected about you, or where required, upon your consent. You agree that you will review this Policy periodically.
If we make any changes to this Policy, we will change the "Last Updated" date above.
If we make any major changes to this Policy – including, but not limited to, changes that materially impact previously collected information about you – we will contact you by email to obtain your prior express consent.
12) CONTACT US
If you have any questions about this Policy, or concerning information we may have collected about you, please contact us by email at firstname.lastname@example.org, or by postal mail to:
Data Privacy Manager
216 19 Malmö
Or you may also contact your local office (listed at: https://www.rcsworks.com/worldwide/).