Privacy

Keeping your data private

Learn about our Privacy Policy and how we deal with GDPR and breach notifications.

SimCorp provides its Privacy Policy to all new EU based contacts (clients, prospect clients and visitors to our website) that are registered in our CRM system to inform about SimCorp’s protection of personal data. The Privacy Policy is compliant with GDPR and informs contacts about their right to insight, deletion and the right to complain about processing of personal data. The Privacy Policy is easily accessible on SimCorp’s website.

SimCorp further provides Privacy Policies to all EU based employees, detailing the information gathered and used by SimCorp during the course of the employee’s employment with SimCorp.

SimCorp Dimension as a Service

GDPR

When providing SimCorp Dimension as a Service, SimCorp acts as data processor and the client acts as data controller with regards to any personal data hosted in SimCorp Dimension. SimCorp only processes personal data on behalf of the client and in accordance with the instructions from the client. The client has the full control of which personal data is submitted to SimCorp Dimension.

Consequently, for EU clients SimCorp offers a data processing agreement (DPA) as part of the contractual framework for SimCorp Dimension as a Service. As part of this DPA, SimCorp group companies have entered Standard Contractual Clauses in the form set out by the EU Commission to protect any personal data being transferred to SimCorp entities outside of the EU as part of the global support.

SimCorp further enters DPA’s with sub-processors. Any change in sub-processors will be notified to the client via email.

Breach notification

SimCorp commits to informing clients of any suspected or actual breaches involving their data within 48 hours. SimCorp has monitoring processes and tools to help identify such breaches in a timely manner. SimCorp will cooperate with clients to investigate and resolve any actual security breaches. SimCorp will not disclose security breach information to any third parties unless required to by law.