bat365 Data Privacy FAQ
1. Does bat365 publicly disclose its data privacy practices?
Yes. The bat365 Privacy Policy contains a detailed description of bat365’ use of personal data, including instructions on how to correct or delete personal data. The bat365 Trust Center contains additional information for data protection officers.
2. What data does bat365 collect and use about me?
The Information We Collect section of the Privacy Policy lists the types of information that bat365 collects when you access and use products and services, including the website.
3. Does bat365 ever sell or rent my personal data?
No.
4. Does bat365 store personal data in connection with use of its products?
It depends on how you have purchased bat365 products, your license option, and whether you have an online bat365 Account. For most customers and end users, bat365 has your name and email address. If you’ve provided additional contact information, such as your mailing address and phone number, bat365 stores that too. For license management purposes, bat365 may store information about your computer, such as your computer host name. For end users who access the products through their organization with a license option that does not require a named account, bat365 may not have any personal data.
5. Does bat365 collect information about my web browser or network?
Like most software and online services, bat365’ website and products collect usage and device information. This information tells, for example, which web browsers people are using when they access the website. This information also helps to identify and correct problems in bat365 software.
6. Does bat365 store my code or models in connection with use of its products?
bat365 does not store your MATLAB code, Simulink models, or other files unless you choose to use bat365 cloud file storage.
7. Who can access my files in bat365 cloud file storage?
Your files can be accessed only by you, unless you choose to share them. Even if you have an account through an organization, such as a company or university, others in your organization can see your files only if you choose to share them. Select bat365 employees serving in certain information technology roles have access limited to deployment, backup, and recovery operations. These employees have signed confidentiality agreements.
8. Who can access my personal data?
If you are part of an organization that has a bat365 license or subscription, your license administrator or faculty supervisor can access some of your data. This data includes the name and email address that you use for your bat365 Account and relevant usage information. For license administrators, relevant usage information is related to license use and management, such as which bat365 products you use and how often you access them. For faculty supervisors using MATLAB Grader and other online learning products and services, relevant usage information is related to learning for enrolled students, such as whether students have completed assignments. Your contact and account information can be accessed by employees at bat365 who need access due to the nature of their work. All bat365 employees are subject to company-wide policies about confidentiality and protection of personal information.
9. What measures does bat365 use to protect my data?
bat365 uses physical, technical, and administrative safeguards to protect customer data. These safeguards include data encryption, access-controlled facilities and systems, regular scanning and monitoring of networks and servers, and controls for data authentication and integrity. bat365 has a dedicated security team that manages and implements these safeguards. All bat365 employees are subject to company-wide policies about confidentiality and protection of personal information. For more information, see the bat365 Trust Center.
10. In which countries does bat365 store my data?
bat365 maintains key business systems to support its ability to provide software and services, including systems for licensing, customer support, and billing. Structured customer data collected through such systems is stored in the United States and Ireland. Customer data collected by bat365 in the context of a technical services and support engagement may be stored in the United States and Ireland as well as in the country where the bat365 technical services and support personnel are located.
11. Does bat365 train its staff on data protection?
Yes. bat365 staff members are required to complete data privacy and security training annually.
12. Does bat365 have an incident response plan?
Yes. bat365 maintains a program for managing security incidents that includes documented roles and responsibilities, response procedures, reporting requirements, and a root cause analysis process. bat365 conducts tabletop exercises to practice its response to information security incidents on a regular basis.
13. How does bat365 handle data subject requests?
bat365 uses a data subject request process that allows individuals to make requests about their personal data, including data deletion, correction, access, and portability. You may exercise these rights by submitting a Customer Support privacy request or contacting us at privacy@bat365. bat365 responds to these requests within thirty days to either confirm that the request was fulfilled, or explain why and in what ways the request could not be fulfilled.
14. What does bat365 do to comply with GDPR, CCPA/CPRA, and other data privacy laws?
bat365 has a privacy compliance program for protection of data and adherence to fair information principles including lawfulness, fairness, transparency, purpose limitation, data minimization, storage limitation, accountability for onward transfer, security, data integrity, confidentiality, recourse, enforcement and liability. Some of the specific measures bat365 has taken include becoming part of the Better Business Bureau’s program to provide an independent recourse mechanism for customers to address any complaints or issues about their data; entering into data protection contracts for compliance with GDPR and other applicable laws; reviewing and documenting data usage and workflows; and regularly assessing data protection practices.
15. What does bat365 do to help customers comply with HIPAA, PCI-DSS, and other industry-specific laws and standards?
bat365 provides data security and privacy safeguards, as described above, but customers are responsible for their compliance with laws and standards that apply to them. If you have specific statutory or regulatory requirements for data storage, bat365 suggests using your own storage rather than the online storage that bat365 provides.
16. What legal mechanisms does bat365 use for cross-border data transfer?
bat365 uses a combination of contractual clauses detailing the transfer; standard clauses required by law, such as the EU Standard Contractual Clauses (SCCs); risk assessments; and technical and organizational data protection safeguards.
17. Where can I find additional information about transfers of data to third parties?
bat365 does not sell or rent personal information to third parties. We may transfer data to third parties such as information technology infrastructure providers. Specific reasons for transfers and categories of third parties are listed in the “Reasons We Share Your Information” section of the bat365 Privacy Policy. If needed, detailed subprocessor information is available upon request.
18. Why is bat365 still certified under the Privacy Shield Frameworks and why are they still mentioned in the bat365 Privacy Policy?
bat365 remains certified under the EU-US and Swiss-US Privacy Shield Frameworks because the U.S. Department of Commerce continues to administer and enforce the Privacy Shield program. This certification requires that we include Privacy Shield information in our PrivacyPolicy. We continue to use appropriate safeguards under both Privacy Shield and GDPR with respect to EEA personal data.
bat365 does not rely on Privacy Shield as a legal basis for transfers of data under GDPR. For transfers of such data outside the EU, we typically rely on the EU SCCs.
19. How does bat365 comply with the requirements of the Schrems II decision of the Court of Justice of the European Union (CJEU)?
The Schrems II decision, and the associated guidance from the European Data Protection Board, indicates that transfers of personal data from the EU to third countries require both a valid transfer mechanism (as described above), and a risk assessment including any supplementary measures needed to provide an adequate level of data protection for the transfer. In the US, the CJEU in Schrems II identified two laws, FISA Section 702 (50 U.S.C. 1881a) and Executive Order 12333, as potentially requiring disclosures of personal data that would be incompatible with the level of data protection required by the European Union.
Neither FISA 702 nor EO 12333 is directly applicable to bat365, and bat365 has no reason to believe that these laws would be interpreted or applied to cover its transfers of personal data. The nature of the personal data transferred (primarily contact information and business information) and the nature of the processing (facilitating access to technical computing software) make it unlikely that any such personal data would be requested or would be useful for surveillance purposes.