** LAST UPDATED APRIL 16, 2020 **
DCI’s HDD locating systems generate data for the users and owners of these systems that is essential for guiding horizontal directional drilling underground. Although our business is primarily focused on providing HDD locating systems, rather than collecting data, we do collect some data from dealers, customers and users in the course of selling and supporting these products. This policy explains what we collect, how and why we collect it, how we use that data, how we secure this data and what your rights are. DCI is a global company, headquartered in the United States but serving customers with offices in Europe, China, India, Australia and Russia, and we operate with all of these countries’ data privacy and related laws in mind.
What Data Do We Collect?
Warranty Registration and Repairs
We ask customers to register with us so we can track their eligibility for warranty coverage, establish a service history for their products, send them product updates and information, for safety and liability considerations, and other similar matters. We create similar customer records when customers submit equipment to us for repairs. In these instances, we ask customers to provide their name and contact information (e-mail address, phone number, company address). We believe we have a “legitimate interest” in collecting this data under EU data privacy law because of the minimal category of data (contact information) that is necessary to carry out the above purposes. Contacting customers can be essential to maintaining safe operation of our equipment on jobsites. We store this data indefinitely, because so long as the equipment may be in circulation, this data may be needed for the purposes stated above. We store this data in third-party, certified cloud storage with U.S.-based servers. We limit access to this data to DCI employees and service providers who need access to these records to provide customer support, to carry out the purposes listed above, and for financial reporting, legal and IT support.
Although most of our business is conducted through our dealers, we occasionally process a repair directly with the customer. In these cases, we collect credit card, wire transfer or check information as legally necessary to process payment for the repairs. We do not keep this information after the payment transaction.
We offer a cloud-based storage solution to enable customers to store ‘data logs’ from their drilling projects. Most of the data that customers store in our cloud storage is not personal data (for example, pitch and roll data along a drilling bore path). However, the name and contact information of a point of contact for the contractor is stored, on the basis of consent from the contractor. Typically, the contractor uploads data on behalf of the customer (for example, a utility company), and may also enter the name and contact information of a customer point of contact on the customer’s behalf. This information is stored for so long as the contractor or customer chooses to store it. We use a third-party, cloud storage service for this offering. We have not yet released this offering in the EU, but we plan for the future EU cloud storage to be on EU-based, GDPR-compliant servers.
We currently offer this cloud-based solution via a subscription model in the U.S. Upon sign-up, the contractor provides the name and contact information of a point of contact, as well as the names and contact information for additional users (who are typically employees of the contractor). We believe collection of this information constitutes a “legitimate interest” under EU data privacy laws because this data is necessary for us to administer the cloud service and provide user access. We store this information for the duration of the subscription. We store this sign-up information in third-party, Privacy-Shield certified cloud storage with U.S.-based servers. We limit access to this information to internal groups within DCI who need access to these records to provide customer support, to support the purposes listed above, and for financial reporting, legal and IT support.
DCI collects and uses non-personal ‘data log’ data for industry data summaries and reports, for product support, to provide customer service, and for use with products and services of DCI and its partners. DCI does not disclose project-specific data log information without the consent of the contractor/customer, other than as required by law or in response to government request, except that DCI may disclose aggregate data that incorporates project-specific data.
Communications with Customers
DCI prides itself on providing best in class customer service in the HDD industry. We provide customer service the old fashioned way, as our customers and dealers can almost always reach someone live to answer questions. When our customer service group receives in-bound calls, they sometimes record the name and contact information of the caller in order to follow up regarding the customer’s immediate needs and for future communication. We also receive in-bound e-mails from customers that may contain personal data (such as name and contact information). We believe providing this customer service constitutes a “legitimate interest” under EU data privacy laws relative to the minimal amount of personal data that we need to collect to provide this support. Customers and dealers in non-U.S. territories typically contact their local DCI office for support, and any such in-bound e-mails are stored on third-party servers in those countries (which, in the EU, are certified to be GDPR-compliant). In the rare occurrence that in-bound e-mails from overseas are sent to our U.S. customer service group, those e-mails are stored with a third-party, cloud storage provider.
We sell our products primarily through third-party dealers, who range from large corporate organizations to sole proprietorships. We collect minimal information – name, job title, contact information for dealer points of contact – from each of our dealers. We believe this purpose constitutes a “legitimate interest” under EU data privacy laws because we collect only the minimal amount of information necessary to conduct day to day business. We also collect banking information as legally necessary to process payments to/from dealers relating to purchases of our products. We store this information for so long as the distribution relationship remains active, and for six years beyond for tax and liability purposes. We store this information in third-party, cloud storage with U.S.-based servers. We limit access to this information to internal groups within DCI who need access to these records to provide customer support, to carry out business transactions with these dealers, and for financial reporting, legal and IT support.
Visitors to our Website
DCI Generally Will Not Share Your Personal Data, With Limited Exceptions
Unless it is for the purposes you have requested or originally agreed, DCI will not intentionally share the personal data you provide to DCI with third parties, except:
- with your consent;
- as may be required by law or court order or to otherwise cooperate with law enforcement or other governmental agencies;
- for financial reporting purposes;
- to third-party service providers who provide website, hosting, maintenance or other services for us relating to the internal operations of our business (our contracts typically require them to maintain the confidentiality of this data);
- to take precautions or actions relating to liability or unlawful uses or activity;
- to investigate and defend ourselves against third-party claims or allegations;
- under exigent circumstances to protect the personal safety or property of our users, the public, or ourselves; and
- in connection with an acquisition, bankruptcy or other transaction involving DCI.
Your Rights Relating To Your Data
You may contact us at any time to:
- Request access to any of your personal data that DCI may hold;
- Correct any of your personal data that DCI may hold; and
- Delete any of your personal data that DCI may hold (subject to exceptions as provided under EU data privacy laws).
To contact us, please see the “Contact Us” page on our website or e-mail firstname.lastname@example.org. You also have the right to lodge a complaint with the relevant data protection authorities if you believe your data privacy rights are not being honored.
Notice to/regarding Children Under the Age of 16
If you are under 16 years of age, you should not provide any personal data (for example, your name, phone number or e-mail address) to DCI without the knowledge and permission of your parent or guardian. If DCI learns that you are under 16 years of age, DCI will not maintain or use any personally data about you without the verifiable consent of your parent or guardian, except as allowed by law.
Changes and Updates to this Policy
To report any technical problems with this website, you can e-mail us at: email@example.com