The General Data Protection Regulation (“GDPR”) is a new regulation which has come into effect in Europe as of 25 May 2018. Under the GDPR, individuals should only be contacted based on their direct consent, on some clear indication of interest, or on an ongoing business relationship. This gives you more control over the information that you receive and information about you which might be held by companies with which you do business. While this regulation only applies to companies doing business in the European Union (“EU”) and the other countries of the European Economic Area (“EEA”), we think that its requirements are good practice for our entire company, wherever our customers and partners are located. In the future we will work to contact you only about products based on interests you have indicated, on services which you are receiving, or on your consent.
In addition to complying with the GDPR, Copyright Clearance Center, Inc. (“CCC”) and its wholly owned subsidiary RightsDirect B.V. (“RD”) have taken extensive measures to protect the data which we hold, including through participation in the EU-US Privacy Shield certification program (see below) and a SOC 2 Type 2 audit and ISO certification process. In addition, our online Privacy Notices are reviewed and certified annually by TRUSTe, a independent third-party certification organization.
Contact Information for Copyright Clearance Center and RightsDirect
Copyright Clearance Center, Inc.
222 Rosewood Drive,
Danvers MA 01923, USA.
Arena Boulevard 65-71
1101 DL Amsterdam
Transfer of Data to the USA. The EU-US Privacy Shield
CCC is located and will process personal data in the United States. CCC is a EU-US Privacy Shield Framework (“Privacy Shield”) certified company. The Privacy Shield is administered by the U.S. Department of Commerce’s International Trade Administration (ITA). On July 12, 2016, the European Commission deemed that the EU-U.S. Privacy Shield Framework provided protections adequate to enable data transfers under EU law.
Purposes of the Processing of Personal Data
The purpose of the processing of the personal data obtained through the contacts described in is to provide the recipient with commercial information via email, direct mail, and telephone related to or about CCC and RD products and services.
Recipients of Personal Data
Our informational communications are processed by Salesforce.com. The personal data submitted via the opt-in form is transferred to Salesforce’s servers located in the United States.
Consent and Withdrawal of Consent
We will send out informational mailings and contact you based on your prior consent, which you may freely decide to give or not to give. You can provide consent by submitting an opt-in form found here, or we may contact you based on a prior indication of interest in a product or service or based on a product or service which you are already receiving. You can withdraw your consent at any time, and you may do so by sending an email to firstname.lastname@example.org or by using the unsubscribe link at the bottom of each mailing.
Period for which the data will be stored
The personal data submitted by you when subscribing to our informational mailings will be stored for a period of time necessary to fulfill the purpose of the consent, or until you unsubscribe or withdraw you consent.
In addition to your right to withdraw your consent, you have the rights to object to the processing of your personal data, to request access to and rectification or erasure of personal data, to restrict the processing of the data, to request that the data be transferred to a third party, and to lodge a complaint with a supervisory authority about the handling of your data.