| Product(s): | Exor Server | ||
| Version(s): | N\A | ||
| Environment: | N\A | ||
| Area: | N/A | ||
| Subarea: | N\A |
BENTLEY: GENERAL DATA PROTECTION REGULATION (GDPR)
In May 2018, a European privacy regulation, the General Data Protection Regulation (GDPR) takes effect. The GDPR imposes new obligations that will impact companies and other organizations around the world that offer goods and services to European Union residents, or that collect data tied to EU residents.
Bentley believes that the GDPR is an important step to strengthen and harmonize data protection of EU residents’ personal data. We are committed to GDPR compliance and have expertise in protecting data and supporting privacy rights. Bentley currently complies with EU-U.S. Privacy Shield. Although, there is no “pre-certification” available to demonstrate GDPR compliance, Bentley is currently well underway with GDPR readiness and implementation.
TRUST
Bentley knows that trust is central to our relationships. That is why Bentley is following “Privacy by Design” principles to ensure that data protection principles are incorporated into our business and day-to-day operations. We provide companywide privacy and security training for all colleagues and targeted trainings for specialized areas.
To further earn your trust, we are making contractual commitments available to you that provide key GDPR-related assurances. Our contractual commitments guarantee that you can:
· Respond to requests to correct, amend or delete personal data.
· Detect and report personal data breaches.
· Demonstrate your compliance with the GDPR.
FAQs
Bentley GDPR Contact
All questions and inquiries may be directed to your Account Manager who will consult with Bentley’s Compliance Director to address your questions and requests.
Data Protection Officer
Under Article 37 of the GDPR, Bentley is not required to designate a data protection officer because the core processing activities of Bentley do not rise to “regular and systematic monitoring of data subjects on a large scale” or any of the other processing activities that require a data protection officer.
Data Processing Activities
Bentley monitors the general access and use of our applications and cloud services for the legitimate business interests of fulfilling its administrative, billing, service, and contractual duties. Bentley’s sign-in and profile requirements are for entry into our gated systems and to login to Bentley’s cloud and applications. For non-federated engagements, first name, last name, email, organization, and country are required. For federated engagements, first name, last name, email, and country are required.
Processing Activities
The following basic processing activities may apply:
- Provide access to features and activities on our websites and applications
- Confirm a user’s entitlement to use specific features and services
- Provide customized content and resources based on past activity and usage
- Fulfill contractual duties and for administrative, billing, and support purposes
- Improve our sites and applications for users
- Conduct research and analysis to address the performance of our sites and applications
- Help maintain a secure system, detect fraud, and protect data
- Communicate and recommend products and services that might be of interest to users
Account Rights under the GDPR
Bentley is taking steps to ensure ongoing compliance with the key principles under the GDPR:
- Transparency, fairness, and lawfulness in the handling and use of personal data. Bentley will be clear on how we use personal data and will always have a "lawful basis" to process that data.
- Limiting the processing of personal data to specified, explicit, and legitimate purposes. Minimizing the collection and storage of personal data to that which is adequate and relevant for the intended purpose.
- Ensuring the accuracy of personal data and enabling it to be erased or rectified.
- Limiting the storage of personal data. Bentley will retain personal data only for as long as necessary to achieve the purposes for which the data was collected.
- Ensuring security, integrity, and confidentiality of personal data. Bentley has technical and organizational security measures in place to keep personal data secure.
Subprocessors
Bentley engages with carefully selected subprocessors. The provision of certain accounts may require us to commission additional Subprocessors. In such case, we will post additional Subprocessors on Bentley’s Trust Center. At Bentley, security and privacy is paramount. Accordingly, we impose data protection terms on each subprocessor we work with to maintain compliance.
|
Legal Entity |
Address |
Transfer to Non-EEA: Transfer Safeguard |
Additional organizational and Technical Security |
|
Amazon Web Services, Inc. |
2021 7th Avenue, Seattle, Washington 98121, USA |
Privacy Shield if transfer to US; no transfer to US in case an area within EEA is selected. |
https://aws.amazon.com/security/?hp=tile |
|
Bentley Systems, Incorporated |
685 Stockton Drive, Exton, Pennsylvania 19341 USA |
Privacy Shield if transfer to US; no transfer to US in case an area within EEA is selected. |
https://www.bentley.com/en/trust-center |
|
Datapipe Datacenters |
10 Exchange Place, Jersey City, New Jersey, USA |
Privacy Shield if transfer to US; no transfer to US in case an area within EEA is selected. |
https://www.datapipe.com/about |
|
Microsoft Azure |
Microsoft Campus Redmond, WA, USA 98052 |
Privacy Shield if transfer to US; no transfer to US in case an area within EEA is selected. |
https://azure.microsoft.com/en-us/overview/trusted-cloud/ |
|
SAP Cloud Services |
Newtown Square, PA USA |
Privacy Shield if transfer to US; no transfer to US in case an area within EEA is selected. | |
|
SunGard Datacenters |
680 East Swedesford Road Wayne, PA 19087 USA |
Privacy Shield if transfer to US; no transfer to US in case an area within EEA is selected. |
https://www.sungardas.com/en/about/who-we-are/our-values/ |
See Also
Bentley Trust Center www.bentley.com/trust-center
