Privacy policy for SCANDIC DATA
Introduction
This Privacy Policy describes how SCANDIC DATA processes personal data when you use our hosting, cloud and data center services. As part of the SCANDIC GROUP, we act in accordance with the EU General Data Protection Regulation (GDPR), the Bahrain Personal Data Protection Law (PDPL) and other relevant laws. Protecting your privacy and data security is our top priority.
Responsible companies
SCANDIC ASSETS FZCO
Dubai Silicon Oasis DDP
Building A1/A2
Dubai - 342001
United Arab Emirates
Phone: +97 14 3465-949
Mail: Info@ScandicAssets.dev
Commercial register: https://dieza.my.site.com/diezaqrverify/validateqr?id=001NM00000K2u4FYAR&masterCode=CERTIFICATE_OF_FORMATION&relatedToId=a1MNM000004ddaI2AQ
Represented by:
SCANDIC TRUST GROUP LLC
(hereinafter referred to as „SCANDIC DATA“)
IQ Business Center
Bolsunovska Street 13-15
Kyiv - 01014, Ukraine
Phone: +38 09 71 880-110
Mail: Info@ScandicTrust.com
Commercial register: https://legiergroup.com/Scandic_Trust_Group_LLC_Extract_from_the_Unified_State_Register.pdf
In cooperation with:
LEGIER Beteiligungs mbH
Kurfürstendamm 14
10719 Berlin
Federal Republic of Germany
Commercial register: HRB 57837
(Register court Berlin-Charlottenburg)
Sales tax ID: DE 413445833
Phone: +49 (0) 30 99211-3469
E-Mail: Info@LegierGroup.com
Commercial register: https://www.handelsregister.de/rp_web/normalesuche/welcome.xhtml
SCANDIC ASSETS FZCO and LEGIER Beteiligungs mbH are non-operational service providers. Operational data processing is carried out by SCANDIC TRUST GROUP LLC.
Overview library
– 1. responsible person
– 2. categories of personal data
– 3. purposes and legal bases of the processing
– 4. recipient of the data
– 5. international data transmission
– 6. storage period and deletion
– 7 Rights of the data subjects
– 8. cookies and tracking
– 9. data security
– 10. minors
– 11. changes to this privacy policy
– 12. contact
1. Responsible person
The controller responsible for data processing within the meaning of data protection legislation is SCANDIC TRUST GROUP LLC (SCANDIC DATA). Further information can be found in the legal notice. For certain processes, such as payment processing or media offers, other SCANDIC GROUP companies may be joint controllers or processors. In such cases, we will conclude corresponding agreements and inform you separately.
2. categories of personal data
Depending on the respective service and the legal requirements, we process the following categories of data:
– Master and contact data: Name, address, e-mail address, telephone number, company affiliation and function.
– Contract and usage data: Customer number, tariffs, selected services, contract terms, service level agreements.
– Access and authentication data: User IDs, passwords (encrypted), API keys, two-factor tokens.
– Technical log and metadata: IP address, browser and device specifications, access times, log files, authentication logs, system events, audit trails.
– Billing and payment data: Billing address, payment method, bank details or wallet address, VAT ID, payment status.
– Customer support and communication data: Contents of support tickets, e-mails, chats, feedback surveys, recorded telephone calls (only with consent).
– Content and usage data: Data, files and applications that customers store and process on our infrastructure. We do not systematically record this content, but we can view it as part of our legal obligations or to investigate misuse.
– Security and compliance data: Information from sanction checks, KYC processes, audit reports, certifications and reports from the whistleblower system.
– Sensitive data categories: In exceptional cases, particularly sensitive data (e.g. health information) may be processed if it is required for the operation of vital applications and explicit consent has been given.
3. purposes and legal bases of the processing
We process personal data for the following purposes and rely on the aforementioned legal bases:
– Fulfillment of contracts (Art. 6 para. 1 lit. b GDPR): For the provision and management of data center, colocation and cloud services, billing, technical support and contract communication. - Fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR): For example, to comply with tax and commercial law regulations, reporting obligations under the Money Laundering Act, supply chain laws or requests from authorities and courts. - Legitimate interests (Art. 6 para. 1 lit. f GDPR): Improving our services, ensuring IT and network security, preventing fraud and abuse, direct marketing to existing customers, enforcing legal claims and defense in legal disputes. When weighing up your interests, we take your rights and expectations into account. - Consent (Art. 6 para. 1 lit. a GDPR): We obtain your express consent for optional processing operations such as the sending of newsletters, the use of tracking and marketing cookies or the processing of special categories of personal data. You can revoke this consent at any time with effect for the future.
4. recipient of the data
Within the SCANDIC GROUP, only those departments that need your data to fulfill the above-mentioned purposes will have access to it. External recipients may be
– Technology and infrastructure providers: Data center operators (e.g. our branch in Bahrain), cloud service providers, network carriers, hardware suppliers and maintenance service providers. - Payment service providers and banks: For the processing of payments and compliance with anti-money laundering regulations. - Consultants and test centers: Lawyers, auditors, certification bodies that support us in complying with legal requirements. - Authorities: Law enforcement, customs, tax and data protection authorities, insofar as we are legally obliged to do so or this is necessary to enforce rights. - Cooperation partner: Other brands of the SCANDIC GROUP (e.g. SCANDIC PAY for payment services) if you use them. In such cases, we will inform you in advance.
5. international data transmission
SCANDIC DATA operates infrastructure in Bahrain and other countries outside the European Economic Area (EEA). For transfers to third countries, we ensure that appropriate safeguards are in place, in particular by concluding standard contractual clauses of the EU Commission, carrying out transfer impact assessments and implementing additional technical and organizational measures (e.g. encryption, pseudonymization). If country-specific approval is required, we will obtain this. Transfers within the SCANDIC GROUP are carried out on the basis of internal data protection agreements.
6. storage period and deletion
We only store personal data for as long as is necessary to fulfill the stated purposes or for as long as there are legal retention periods. Your data will be deleted or anonymized once the purpose no longer applies or statutory periods have expired. Specifically, the following periods apply:
– Contract documents and invoices: ten years (German Fiscal Code, German Commercial Code).
– Log and safety data: twelve months, unless longer storage is necessary due to legal obligations, ongoing investigations or to defend against legal claims.
– Application and support data: six months after completion of the process, unless longer storage is required.
– Consent-based data: until you withdraw your consent or the purpose no longer applies.
7 Rights of the data subjects
You have the following rights within the framework of the statutory provisions:
– Information: You can request information about the data stored by us and its processing. - Correction: You can request the correction of incorrect or incomplete data. - Deletion: You can request the deletion of your data, provided that there are no statutory retention obligations to the contrary. - Restriction of processing: You can request the restriction of processing, for example if the accuracy of the data is disputed. - Data portability: You may request to receive the data that we process automatically on the basis of your consent or a contract in a structured, commonly used and machine-readable format or to have it transferred to another controller. - Contradiction: You may object to the processing of your data on grounds relating to your particular situation, provided that we are relying on a legitimate interest. You can object to direct advertising at any time. - Withdrawal of consent: You can revoke your consent at any time for the future. - Complaint: You can lodge a complaint with a supervisory authority if you believe that we are processing your data unlawfully. The competent authority is, for example, the Berlin Commissioner for Data Protection and Freedom of Information or the authority responsible for your place of residence.
8. cookies and tracking
Our website and platforms use cookies and similar technologies to ensure functionality and improve the user experience. We distinguish between:
– Technically necessary cookies: They ensure that basic functions such as login, shopping cart or language settings work. They cannot be deactivated. - Preference cookies: They save settings (e.g. dark mode, language) and improve user-friendliness. - Analysis cookies: With your consent, we use tools such as web analytics to analyze user behavior anonymously and to optimize our service. - Marketing cookies: These are only used if you agree. They enable us to place advertising relevant to our services.
When you visit our website for the first time, you can use a consent tool to decide which cookie categories you allow. You can change your settings at any time. You can find more information in our cookie policy.
9. data security
SCANDIC DATA uses extensive technical and organizational measures to protect your data from loss, misuse and unauthorized access. These include
– Encryption: Data is encrypted both during transmission (TLS/HTTPS, VPN) and at rest. - Zero-trust architecture: Access is granted strictly according to the least privilege principle; all connections are authenticated and authorized. - Multi-level authentication: Access to administrative and customer systems requires multifactorial procedures. - Network segmentation: Critical systems and customer data are strictly separated from each other. Firewalls and intrusion detection systems monitor data traffic. - Permanent monitoring: SIEM/SOAR platforms, Darktrace modules and automated incident response processes detect and resolve security events in real time. - Physical security: Access to the data center is protected by biometric controls, CCTV and security personnel. Redundant power and cooling supply ensures an availability of 99.999 %.
10. minors
Our services are aimed at business customers and organizations. We do not offer services to children and do not knowingly collect personal data from minors under the age of 16. If we become aware of such processing, we will delete the relevant data unless there is a legal obligation to retain it.
11. changes to this privacy policy
This privacy policy is reviewed regularly and updated as necessary to reflect legal, technical or business changes. The latest version is always available on our website. In the event of significant changes, we will inform you via suitable channels (e.g. by email or via the user interface).
12. contact
If you have any questions regarding the processing of your personal data, the assertion of your rights or data protection at SCANDIC DATA, please contact our data protection officer:
SCANDIC DATA
Data protection
IQ Business Center
Bolsunovska Street 13-15
Kyiv - 01014, Ukraine
E-Mail: privacy@scandictrust.com
Phone: +38 09 71 880-110
Deutsch 
English 
Afrikaans 
العربية 
Italiano 
Español 
简体中文 
Українська 
اردو 
Türkçe 
ไทย 
Polski 
Български 
Bosanski 
Hrvatski 
Français 
فارسی 
עִבְרִית 
हिन्दी 
Bahasa Indonesia 
Suomi 
Dansk 
日本語 
한국어 
Svenska 
Shqip 
Српски језик 
Slovenščina 
Slovenčina 
Íslenska 
Čeština 
Ελληνικά 
Magyar