External Privacy Statement DTN
Version 2
Update Notice
We have updated our Privacy Statement
as of 1st December 2020.
Privacy Statement changes in version 2.0:
• Added new categories of
personal data processed in our
Weather API, Marine API and
telephone call recordings
• Added language with respect to
the transfer of data within the
DTN companies via our
Intragroup Personal Data
Transfer Agreement including
standard contractual clauses.
• Added language with respect to
California Residents (California
Consumer Privacy Act – CCPA)
in section 18
• Added new categories of
recipients (People Soft, Analytics
tools, Replicon, Salesforce
Service Cloud)
• Added changes in our entities
• Added language regarding
EU/US Privacy Shield (invalid as
of 16th of July 2020)
Thank you for visiting our website, and we
are happy to continue helping you manage
and protect your identity. If you have any
questions, please contact
privacy@dtn.com
DTN | External Privacy Statement | 01-12-2020 2 | 20
EXTERNAL PRIVACY STATEMENT DTN
Effective April 1, 2020
1 Introduction
1.1 This Privacy Policy (“Policy”) is published and used by DTN, LLC and the affiliates of DTN,
LLC, such as but not limited to the MeteoGroup group of companies (referred to as “DTN”,
“we” or “us”. It applies to all our websites, including dtn.com, meteogroup.com, dtnpf.com,
mydtn.com, and all other DTN related websites, which we refer to as “Sites”. The Policy also
applies to all our services, such as all downloadable software, mobile applications, and other
services provided by the DTN companies and on which a link to this Policy is displayed are
referred, which refer to as “Services” in this Policy. More information on the DTN companies
can be found in the below paragraph on ‘Data controllers’.
1.2 We respect privacy and value the confidence of our customers, employees, business partners,
and others. We strive to collect, process, and disclose personal information in a manner
consistent with the laws of the countries in which we do business and have a tradition of
upholding the highest ethical standards in our business practices. We comply with the
applicable laws and legislations, such as but not limited to the General Data Protection
Regulation (“GDPR”).
1.3 We work with the following definition of “Personal Data”: all information relating to an identified
or identifiable natural person. An identifiable natural person is one who can be identified,
directly or indirectly, in particular by reference to an identifier such as a name, an identification
number, location data, an online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.4 This Policy applies to the processing of Personal Data in connection to all business-tobusiness and consumer activities of DTN.
1.5 This Policy describes the personal data that we collect on or through our Services, how we
process and disclose such information during and after our relationship with us, the steps we
take to protect your Personal Data, and the rights you may have related to our Personal Data
collection and use practices. By visiting the Sites, or by purchasing or using our Services, you
accept the privacy practices described in this Policy.
1.6 This Policy is incorporated into, and is subject to, the DTN terms of use at www.dtn.com/tos.
2 DTN
2.1 DTN consists of a group of companies that provide the Sites and Services. The group consists
of multiple legal entities which all ultimately all fall under TBG Holdings (DTN) B.V. (“DTN
Companies”).
3 Data controller
3.1 A ‘data controller’ is understood to be the entity that determines the purposes and means of
processing Personal Data. This definition is derived from the GDPR.
3.2 For the processing of Personal Data in the context of the activities of an establishment of
DTN within the European Union, the data controller is MeteoGroup Nederland B.V.
DTN | External Privacy Statement | 01-12-2020 3 | 20
3.3 For all other processing of Personal Data, the data controller is DTN LLC.
3.4 Should you have any questions on this, please contact us via the details in this Policy.
4 Data Protection Officer
4.1 DTN has appointed a contact person to direct your questions on privacy or the rights you may
have to:
MeteoGroup Nederland B.V.
Att. Sylvia van Zijderveld
P.O. Box 24092,
3502 MB Utrecht
4.2 Or email privacy@dtn.com. Please note that the Legal Department also receives a copy via
this email address. We aim to respond within 30 days from the date we receive privacy-related
communications.
4.3 For the DTN Companies established within the European Union, this contact person is formally
appointed as “Data Protection Officer”.
5 How and What Personal Data and information we process
5.1 We may process, store and use the following categories of Personal Data about you where
such is necessary:
5.1.1 Name;
5.1.2 Company details (registered name, address, registration number, etc.);
5.1.3 Telephone number;
5.1.4 E-mail address;
5.1.5 Banking details;
5.1.6 IP addresses, user/client ID’s and secrets;
5.1.7 CCTV camera images and voice recordings;
5.1.8 Photographs or videos;
5.1.9 All further Personal Data that might be necessary to adhere to this Policy;
5.1.10 All further Personal Data you choose to provide to us and for which we have
determined the purposes and means.
5.2 Personal Data and further information is collected via the following sources.
5.3 User-Provided Information. We collect Personal Data voluntarily provided by users or visitors
of our Services (also referred to as “Users” or “you” in this Policy), including when you visit
the Sites, use the Services, register an account, fill out forms on the Sites, when you provide
us with your business card, when you subscribe to our newsletters, register for trainings or
DTN | External Privacy Statement | 01-12-2020 4 | 20
seminars, attend meetings or events we organise or visit our offices. We may also collect
Personal Data from you when we are establishing a business relationship, performing
professional weather services or you otherwise contact us. The Personal Data that we collect
on or through our Services may include:
5.3.1 your first and last name;
5.3.2 email address and mailing address;
5.3.3 telephone number(s);
5.3.4 organizational affiliation and further company details;
5.3.5 billing / financial information;
5.3.6 and any other information you choose to provide when you use the Services or
otherwise interact with us.
5.4 Location Information. Some of our API’s, Sites and mobile apps also collect geo-location
information. We use your location information to provide requested location-specific services,
including local weather forecasts and asset tracking. You may at any time opt-out from further
allowing us to have access to your location data by turning off the location services in your
mobile phone or browser settings. Please be aware that certain features of the mobile apps
will not perform as expected if location services are turned off.
5.5 Public sources. Personal Data may be obtained from public registers (such as the Companies
House or the Chamber of Commerce), news articles and internet searches.
5.6 Social and professional networking. If you register or login to our Websites or Services
using social media (.e.g. LinkedIn Twitter or Google) to authenticate your identity and connect
your social media login information with us, we will collect Personal Data or content needed
for the registration or login that you permitted your social media provider to share with us. Such
Personal Data and content may include your name and e-mail address and depending on your
privacy settings, additional details about you. Please review the privacy controls on the
applicable social media service to set which Personal Data you want to share with us. For
further details please be referred to the DTN Cookie statement.
5.7 Automatically Collected Information. As is true of most websites and mobile applications,
we or our third party service providers and partners (discussed below) collect information from
you over time using automated means such as cookies, beacons, or online data analytics
tools. We also automatically collect Personal Data via our security systems. This
“automatically collected” information may include:
5.7.1 CCTV camera images, photographs, voice recordings and video;
5.7.2 internet protocol (IP) addresses;
5.7.3 MAC addresses;
5.7.4 device IDs, device and browser type(s);
5.7.5 referring/exit pages;
DTN | External Privacy Statement | 01-12-2020 5 | 20
5.7.6 operating system, date/time stamp, or clickstream data;
5.7.7 and other information about the way you use the Services.
5.8 For the automatically collected Personal Data via cookies and similar techniques, please be
referred to the DTN Cookie statement.
5.9 Depending on the jurisdiction in which you reside and the laws and legislations applicable to
your situation, this automatically collected information may or may not be considered Personal
Data. We also use these technologies to collect information regarding your interaction with
DTN-related links appearing on third-party websites or in a DTN-generated email, such as
whether you click on or forward a link or message. We may link this automatically collected
data to other information you provide or we collect from you. We also may include Personal
Data in our customer relationship management records to better understand and serve you.
5.10 Do Not Track. DTN does not directly track you when you visit other websites or engage in
other activities online, so we do not register Do Not Track (DNT) signals from your
browser. However, you should review the privacy policies of other third parties that may be
operating on our Sites (discussed below) to determine whether they honour DNT signals. For
more information on “do not track” options, please see: http://donottrack.us/.
5.11 Analytics. We automatically collect Personal Data to make use of analytics tools such as
Google Analytics and Eloqua to analyse trends, administer and improve our Services, and
track Users’ movements around the Services and on the Internet, and to gather demographic
information about our user base as a whole. These third party analytics companies do not seek
to identify individual users or to receive personally identifiable information except as may occur
when they use your IP address. This information helps us to improve our Services and deliver
a better and more personalized service. Many of these companies, such as Google Analytics,
collect and use information under their own privacy policies, which we encourage you to
review. For more information about Google Analytics or Eloqua analytics and their privacy
policies, please visit the Google Analytics privacy page and/or the Google Partners’ Page and
the Eloqua privacy page. You may opt-out of Google Analytics or Eloqua web monitoring by
following the instructions on the Google Analytics Web Monitoring Opt-Out page or the Eloqua
Web Monitoring Opt-Out page. For further details please be referred to the DTN Cookie
statement.
5.12 Clients. DTN may enter into an agreement with a customer that engages us to perform
professional weather services. When performing these activities, these customers may share
Personal Data with DTN for which these customers are data controllers.
5.13 DTN has taken great care in setting out which Personal Data is processed by us. It may
however be necessary for us to process additional Personal Data. When such happens, DTN
will adhere to the safeguards as set out in this Statement.
5.14 If you fail to provide mandatory Personal Data when requested, we may not be able to perform
the contract we have entered into with you or the company you work for, or we may be
prevented from complying with our legal obligations. Certain information is necessary to enter
into an agreement with us and if not provided, we may not be able to enter into such agreement
with you.
DTN | External Privacy Statement | 01-12-2020 6 | 20
6 Special categories of Personal Data
6.1 Save for some specific circumstances, we do not intend to collect, store and use special
categories of Personal Data, which is a definition that is derived from the GDPR.
6.2 When we do need to process such Personal Data, we may request your consent to do so.
Examples of special categories of Personal Data we may obtain are dietary restrictions or
physical health access requirements e.g. when registering for events or trainings.
7 E-mail
7.1 If you receive commercial emails from us, you may unsubscribe at any time by following the
instructions contained within the email or by sending an email to the address provided in the
“Contact Us” section below. Please be aware that if you opt-out of receiving commercial email
from us, it may take up to ten (10) business days for us to process your request. Additionally,
even after you opt-out from receiving commercial messages from us, you will continue to
receive otherwise permitted administrative messages from us regarding the Services.
8 Financial partners
8.1 At times DTN may allow a customer to purchase or lease products or equipment and/or to
make payments through the Services. In such event, DTN may use a third-party shipping
company, such as UPS or FedEX, to fulfil customer orders through the Sites, and may also
use a credit card processing company to bill you for goods or services that you request. The
current credit card processing company that DTN uses is called CyberSource®, and more
information about this company can be found at: www.cybersource.com. DTN takes all
reasonable measures to select third-party agents for fulfilment and financial processing that
agree to not retain, share, store, or use your personal or financial information for any other
purposes than fulfilling orders or enforcing customer agreements.
9 Advertising
9.1 We may also partner with a third party, including our current partner AdRoll, to display
advertising on our Services and/or to manage our advertising on other websites and platforms.
For further details please be referred to the DTN Cookie statement.
10 How We Use Personal Data – purposes of processing
10.1 DTN processes Personal Data for the following purposes:
10.1.1 As is necessary for the performance of contracts we have with you, or at your
request prior to you entering into a contract with us (e.g., to send you product or
billing information);
10.1.2 Allowing DTN to provide, promote and improve products and services;
10.1.3 To solicit, service and communicate with you;
10.1.4 Organizing events for prospects and customers;
10.1.5 Providing prospects and customers access to our products and services (including
by means of verification of your identity and login data);
DTN | External Privacy Statement | 01-12-2020 7 | 20
10.1.6 Allowing DTN to manage our business operations and complying with internal
procedures and policies (for example, monitoring of compliance to rules,
procedures and policies such as e.g. internal and external audits or
investigations);
10.1.7 Allowing DTN to purchase products and services and communicate with the
(representatives of the) companies that supply such (for example, (personally
owned) weather stations);
10.1.8 Allowing DTN to support suppliers (for example, owners of weather stations);
10.1.9 Allowing DTN to secure its property (for example, by conducting CCTV for security
reasons for the various DTN offices);
10.1.10 Participation in DTN’s marketing initiatives or branding activities;
10.1.11 Allow DTN to show advertisements;
10.1.12 To comply with our legal obligations.
10.2 DTN does not use Personal Data to make solely automated decisions about you or to make
decisions about you that are likely to procedure legal or similarly significant effects.
10.3 We will only use Personal Data for the purposes for which we collected it. It may however be
possible that we reasonably consider that we need to use it for another purpose, which is
compatible with the initial purpose. If we need to use your Personal Data for an unrelated
purpose, we will notify you.
10.4 DTN does not sell or rent your Personal Data to third parties. When you give us Personal Data,
DTN will not share that information with third parties without your permission, other than for
the limited exceptions and purposes described in this Policy or as otherwise permitted by
applicable law.
11 Legal grounds
11.1 We may rely on the following legal grounds when process Personal Data:
11.2 Contract: we may process Personal Data as the processing is necessary for the performance
of a contract to which you are a party or in order to take steps at your request prior to entering
into a contract.
11.3 Consent: we may rely on your consent for the processing of Personal Data for one or more
specific purposes.
11.4 Legitimate interests of DTN: we may process Personal Data as the processing is necessary
for the purposes of the legitimate interests pursued by DTN or a third party, except where such
interests are overridden by your interests or fundamental rights and freedoms which require
protection of Personal Data, in particular where you are a child. Such legitimate interests
include:
11.4.1 Our products and services: to provide, promote and improve products and
services;
DTN | External Privacy Statement | 01-12-2020 8 | 20
11.4.2 Interaction: to interact and communicate with prospects, customers, suppliers
and other third parties;
11.4.3 Events: to organise events for you;
11.4.4 Access: to you with access to our products and services (including by means of
verification of your identity and login data);
11.4.5 Business operations: to manage DTN’s business operations and complying with
internal procedures and policies;
11.4.6 Procurement: to purchase products and services and communicate with the
(representatives of the) companies that supply such;
11.4.7 Support: supporting suppliers;
11.4.8 Security: to secure the DTN property;
11.4.9 (Direct) marketing: to deliver information about our products and services,
market insights and specialty knowledge we believe is welcomed by our business
clients, subscribers and individuals who have interacted with us;
11.4.10 Changes in our business and organization: we may restructure, expand or
reduce our business and this may involve the sale and/or transfer of control of all
or part of our business. Any Personal Data that you have provided will, where it is
relevant to any part of our business that is being transferred, be transferred along
with that part and the new owner or newly controlling party will, under the terms of
this Privacy Statement, be permitted to use that Personal Data only for the same
purposes for which it was originally collected.
11.5 Legal obligations: we may process Personal Data as this is necessary for compliance with a
legal obligation to which DTN is subject.
12 Recipients of Personal Data
12.1 The following (categories of) third-party service providers receive Personal Data:
12.1.1 The companies providing software;
12.1.2 The companies providing product development services;
12.1.3 The party providing financial services;
12.1.4 Our IT system support company;
12.1.5 The marketing services providers;
12.1.6 Our financial partners;
12.1.7 Other parties that support us in providing our services e.g. providers of
telecommunication systems, archiving services, data management and cloudbased software services (e.g. our online marketing and sales tools).
DTN | External Privacy Statement | 01-12-2020 9 | 20
12.2 All third party service providers and other entities in the group are required to take appropriate
security measures to protect Personal Data as set out in our policies. We do not allow our
third-party service providers to use Personal Data for their own purposes.
12.3 We may share Personal Data with other third parties, for example in the context of a possible
sale or restructuring of the business. We may also need to share Personal Data with a
supervising authority or a regulatory body, or to otherwise comply with the law or the legal
obligations that DTN is subject to.
13 Intragroup sharing of Personal Data
13.1 Where necessary, Personal Data may be shared with the DTN Companies for administrative
purposes, for business restructuring purposes and to provide professional services to our
customers, as part of our regular reporting activities on company performance, for system
maintenance support and hosting of data.
13.2 The DTN entities are located everywhere around the world. We may share Personal Data with
DTN Companies not located within the European Economic Area (hereinafter: “EEA”).
13.3 To safeguard the transfer within the DTN Companies, all entities have entered into a Intragroup
Personal Data Transfer Agreement. This agreement includes the contractual model clauses.
Should you wish to review such safeguards, please contact us via the details as included in
this Policy.
14 Transfer of Personal Data outside the EEA
14.1 Our partners are located throughout the world. Depending on the scope of your interactions
with DTN, your Personal Data may be stored in or accessed from multiple countries, including
the United States. Whenever we transfer Personal Data or make it available outside of the
jurisdiction where we collected it, we will ensure that the information is transferred in
accordance with this Privacy Policy and as permitted by applicable data protection laws, such
as but not limited to the GDPR. If applicable, you may obtain a copy of the applicable
safeguards. An overview of transfers is provided to table 1 as attached to this Policy.
15 Retention
15.1 DTN will retain your Personal Data for as long as necessary for the purposes we collected it
for. Specific retention times can be found in table 2 as attached to this Policy. Please note that
these retention times apply under the condition that should DTN be required to store the
Personal Data for a longer period of time, DTN may do so.
16 Security Measures
16.1 DTN strives to protect and secure Personal Data in the most optimal way. ISO-certifications
form a large part of our endeavours in this respect and we are constantly working on improving
our standards throughout the DTN Companies. The DTN Companies comply with the security
standards as reflected in the applicable laws and legislation in this respect such as but not
limited to the GDPR.
16.2 DTN holds a wide range of international certifications, based on globally recognized standards
such as ISO 9001, ISO 27001, ISO 22301, ISO 45001 and ISO 14001. These certifications
are unique to each DTN company* and are an independent endorsement to the superior level
of quality with which we operate and enables us to make certain that the services we deliver
DTN | External Privacy Statement | 01-12-2020 10 | 20
to our clients are of consistent high quality, secure, compliant and fit for purpose. *Please note
that ‘DTN’ in this provision refers to DTN generic branding, however the entity names may
differ. The exact certified entity is indicated on each certificate.
16.3 To learn more about the ISO 27001, click here to download.
17 Your obligations and Rights
17.1 It is important that your Personal Data is accurate and up to date. Please therefore keep us
informed via the means we provide to you.
17.2 Upon a reasonable request, Users of which the processing of Personal Data is covered by the
GDPR may have the following rights:
17.2.1 Request access to your Personal Data (known as a ‘data subject access
request’);
17.2.2 Request correction of the Personal Data that we hold about you;
17.2.3 Request erasure of your Personal Data;
17.2.4 Object to processing of your Personal Data;
17.2.5 Request the restriction of processing of your Personal Data;
17.2.6 Request the transfer of your Personal Data to another party;
17.2.7 Withdrawal of consent that you have previously provided. This will not affect the
lawfulness of any processing carried out before you withdraw your consent. It may
mean we are not able to provide certain products or Services to you and we will
advise you if this is the case;
17.2.8 File a complaint with the appropriate data protection authority.
17.3 To invoke your rights, you may contact us by using the information provided in this Policy. In
order to comply with these requests, we may ask you to verify your identity. Please note that
your rights may be limited in certain cases – for example, if fulfilling your request would reveal
information about another person, or if you ask to delete Personal Data which we are permitted
by law or have compelling legitimate interests to keep. Permissible changes will be reflected
in our databases within a reasonable period of time.
18 California Residents
18.1 The California Consumer Privacy Act of 2018 (the “CCPA”) requires DTN to make certain
disclosures that already are covered in this Policy. This section provides an overview of the
information required by the CCPA and an includes a description of how California residents
can exercise the rights available under the CCPA.
18.2 In order to operate the Application and to maximize your experience, we have collected and
used in the past 12 months the Personal Data described in section 5 of this Policy, which
includes the following categories of information as defined by the CCPA: identifiers, internet
or other similar network activity, and location data. The sources from which we collect your
Personal Data are also provided in section 5 and further details regarding the business
DTN | External Privacy Statement | 01-12-2020 11 | 20
purposes for our collection are set forth in section 10. Section 12 of this Policy describes the
categories of third parties with which your Personal Data may have been shared in the last 12
months.
18.3 DTN does not and does not intend in the future to sell your Personal Data.
18.4 Under the CCPA, California consumers have certain rights similar to those set forth in section
17. The following information further explains these rights, provides instructions for submitting
CCPA requests, and generally describes the process DTN will use to verify and respond to
CCPA requests:
18.4.1 You may request twice within a 12 month period that DTN disclose the categories
of Personal Data collected about you in the 12 months preceding your request, the
categories of sources from which the Personal Data was collected, the business or
commercial purposes for which Personal Data was collected, and the categories of
third parties with whom DTN shared your Personal Data. You may also make a
request for the specific pieces of Personal Data that we have collected about you.
If we are able to provide this information electronically, we will do so in a portable
format.
18.4.2 Additionally, you have the right to request that DTN delete your Personal Data from
our systems. DTN will take reasonable steps to fulfil your request, however, in
certain circumstances we will be unable to delete all of your Personal Data as DTN
is lawfully authorized to retain certain categorizes of your Personal Data for
legitimate business and regulatory purposes. In instances where DTN is not
required to delete of your Personal Data, DTN will notify you of those categories of
Personal Data that we did not delete and will provide an explanation as to why the
information could not be deleted.
18.4.3 Only you, or someone legally authorized to act on your behalf, may make a verifiable
consumer request related to your Personal Data. Please note that DTN must be
able to verify your identity in order to comply with your requests under this section.
To do so, DTN will seek to associate the information provided by you when making
a request with Personal Data we have collected about you previously. If we are
unable to appropriately verify your identity, we may ask you to contact us to provide
additional information or explain why we are unable to complete your request. If you
are requesting specific pieces of Personal Data as the authorized agent of a
California consumer, we will ask you also to submit reliable proof that you have
been authorized in writing by the consumer to act on such consumer’s behalf.
18.4.4 California residents may submit any of the requests described in this section by
email to privacy@dtn.com. Please include with your request your full name,
preferred contact information and the nature of your request. Making a verifiable
consumer request does not require you to create an account with us.
18.4.5 We endeavor to respond to verifiable consumer requests within 45 days of receipt.
If we require more time (up to 90 days), we will inform you of the reason and
extension period in writing. We do not charge a fee to process or respond to your
verifiable consumer request unless it is excessive, repetitive, or manifestly
unfounded. If we determine that the request warrants a fee, we will tell you why we
made that decision and provide you with a cost estimate before completing your
request.
DTN | External Privacy Statement | 01-12-2020 12 | 20
18.5 DTN may not and will not discriminate against any California consumer for exercising any of
the rights described in this section, including in terms of price or services that we offer.
18.6 California Civil Code Section 1798.83, also known as California’s “Shine the Light” law, also
allows California residents to request certain information regarding our disclosures in the prior
calendar year, if any, of Personal Data to third parties for their own direct marketing purposes.
If applicable, you may be able to opt-out of our sharing of your Personal Data with unaffiliated
third parties for the third parties’ direct marketing purposes. Please send your request under
Section 1798.83 (along with your full name, email address, postal address, and the subject
line labelled “Your California Privacy Rights”) to privacy@dtn.com. We will attempt to provide
you with the requested information within 30 days of receipt. Please note that not all Personal
Data sharing is covered by Section 1798.83’s requirements.
19 Links and Third Party Websites
19.1 The Sites may contain links to other websites. Please be aware that we are not responsible
for the privacy practices or the content of such other websites. We encourage our Users to
read the privacy statements of each and every website they visit. This Policy applies solely to
information collected by us through the Sites and does not apply to these third-party websites.
The ability to access information of third parties from the Services, or links to other websites
or locations, is for your convenience and does not signify our endorsement of such third
parties, their products, their services, other websites, locations, or their content.
19.2 Also, DTN may allow select third parties to offer subscription services or fee-based products
through the Sites. DTN makes no guarantees in regard to the policies of these parties, so you
should investigate each site’s privacy policy before providing Personal Data to third parties.
20 Children Should Not Provide Information to Us
20.1 None of our Services are intended for use by children, and we have no desire to collect
Personal Data from those under the age of 13 (“Children”). DTN requests that Children DO
NOT provide Personal Data to us. In an instance where such Personal Data was collected it
would be purely accidental and unintentional. If we become aware that Personal Data has
been submitted by a Child, the information will be deleted from the DTN databases. DTN
encourages parents to discuss the Internet with their Children and monitor Personal Data that
a Child may provide via the Internet.
21 Change in Ownership
21.1 In the event of a change in ownership of DTN as a result of a sale, merger, acquisition or
bankruptcy, then DTN reserves the right to, subject to this Policy, transfer all of your Personal
Data to a separate entity. DTN will use commercially reasonable efforts to notify you (e.g., by
posting on its Sites, issuing a press release, or notification by e-mail) of any change in
ownership.
22 Policy Changes & Updating Information
22.1 DTN reserves the right to modify this Policy whenever the need arises. Updates to this Policy
will be posted to the Services in a timely manner. When such updates are made, the “last
updated” date at the top of this Policy will be modified. This policy is not a contractual
agreement and does not provide you with any legal right. Unless otherwise specified, the Sites,
its content, and its domain name and URLs are the sole property of DTN.
DTN | External Privacy Statement | 01-12-2020 13 | 20
23 Questions
23.1 Should you have any questions, you may contact us via the following details:
EU / EEA citizens:
MeteoGroup Nederland B.V.
Att.Sylvia van Zijderveld
P.O. Box 24092,
3502 MB Utrecht
Non-EU / EEA citizens:
DTN, LLC
ATTN: Privacy/Marketing
11400 Rupp Drive
Burnsville, MN 55337
Phone: 1-800-485-4000
Email: privacy@dtn.com
23.2 DTN will investigate and attempt to resolve complaints and disputes regarding use and
disclosure of Personal Data by reference to the principles contained in this Statement.
DTN | External Privacy Statement | 01-12-2020 14 | 20
Table 1
Categories of recipients inside the EEA (including names of
recipients as an example)
Arrangements
IT and Technology services providers
• MTI
• Piksel
• EPAM
• JKP
Data Processing Agreement
Financial software providers
• People Soft
Data Processing Agreement
Tax Authorities and Agencies
• Local Tax Authorities
A data processing agreement is not required
since this category of recipients is a controller
itself.
Accountants and auditors
Various accountants and auditors (e.g. PWC, Splendor, Grant
Thornton, vRP (ISO), TÜV Nord)
Data processing agreements are not required.
Office Software applications
• Microsoft Office 365
• Amazon Web Services (Frankfurt / Ireland)
Data Processing T&C as part of Service
Agreement
Communication solution providers
• VoIP Studio
Data Processing Agreement
Resellers / partners of MeteoGroup
• E.g. Kisters
Data processing agreements may be required,
this will be decided on a one-by-one case (e.g.
with Kisters a DPA is available).
Analytics tools
Google Analytics and Google Firebase
Segment
https://cloud.google.com/terms/data-processingterms
https://segment.com/legal/data-protectionaddendum/
Replicon Project Management Software
Data Processing Agreement
Categories of recipients outside EEA Location Safeguards
DTN and MeteoGroup entities outside
EEA
Philippines, USA, Canada,
Switzerland, UK, Australia
Adequacy decisions (Canada and
Switzerland)
Intragroup Personal Data Transfer
Agreement (including Standard
Contractual Clauses)
Document Management System
Software providers
• Box
USA
(Data is stored inside EEA
via Box Zones)
Data Processing Agreement including
Standard Contractual Clauses (SCC)
Corporate Binding Rules
Privacy Shield (invalid as of 16-7-2020)
Contract Management System Software
providers
• Concordnow.com
USA
(Data is stored inside EEA)
Data Processing arrangements in Privacy
Policy
Table 2
DTN | External Privacy Statement | 01-12-2020 15 | 20
Record type Access Retention Period
Customer data in our Finance Systems (PeopleSoft,
Afas Profit, servers and previous used systems such
as Aptos and Sage) and Order Management System
Name and contact details (address, email and phone
number), bank account numbers
Finance employees
(admin staff)
Financial Controllers
Head of Accounting
Accounting Manager
7 years after approval of
Financial Statement /
Annual Report (Tax Law) –
global retention period
therefore is 10 years
Supplier data in our Finance Systems, PeopleSoft,Afas
Profit, servers and previous used systems such as
Aptos and Sage)
Name and contact details (address, email and phone
number), bank account numbers
Finance employees
(admin staff)
Financial Controllers
Head of Accounting
Accounting Manager
7 years after approval of
Financial Statement /
Annual Report (Tax Law) –
global retention period
therefore is 10 years
Customer data in Sales Systems (SalesForce Service
Cloud
Name, contact details (address, email, phone number)
Customer Service
Contract Manager
Sales staff
Account Managers
SF Administrators
(elevated rights)
During the contract
period if data has financial
impact: 7 years after
approval of Financial
Statement / Annual Report
(Tax Law) – global
retention period therefore
is 10 years
Credit card information in our Order Management
System or via Online Bill Pay Portal and/or
CyberSource
Credit card number replaced by token ID in Order
Management
Finance and admin staff
Head of Accounting
Accounting manager
DTN does not store
customer credit card
information
Data of customers, ex-customers, prospects and other
contacts in Marketing Systems (Eloqua)
Name, contact details (address, email, phone number)
Global Marketing
Automation Manager
MarCom Operations
3 years (for ex customers
and prospects/contacts
older than 3 years who
haven’t engaged with
Eloqua emails/forms in the
past 24 months) or
< 1 month in case of optout.
Contract data in Contract Management Systems
(Concordnow)
Name, contact details (address, email, phone number)
Contract Manager During the contract
period if data has financial
impact: 7 years after
approval of Financial
Statement / Annual Report
(Tax Law) – global
retention period therefore
is 10 years
Customer data in our Production Systems (such as
PPF Weather Room, RMI Platform Data Provisioning,
Energy platform, Armorhead, RBS, MeteoGuard,
Microsoft Access Scripts, RoadMaster, etc.)
Name and contact details (email address, fax and
telephone numbers), FTP credentials
Employees of the
Weather Rooms,
Product and Data
Provisioning team,
Developers (internal and
During the contract
period if data has financial
impact: 7 years after
approval of Financial
Statement / Annual Report
DTN | External Privacy Statement | 01-12-2020 16 | 20
Record type Access Retention Period
external such as
EPAM).
(Tax Law) – global
retention period therefore
is 10 years
Customer data in WSO Weather Sentry Online
Name and contact details (recipient / account information)
first name and last name, email address, IP address, client
ID and Secret (username/password) encrypted, geo
location(s) including user location, (company) address,
telephone number
Customer Service
Product Management
Developers
Team Weather Room
All DTN employees with
active login
No longer than necessary
for the performance of the
service or use of the
product.
Customer data in Authentication Management Tool of
Weather API and Marine API
Name and contact details (email address, (company)
address, telephone numbers), client ID and Secret
(encrypted)
Product Management
Developers
All MeteoGroup / DTN
employees with active
login
No longer than necessary
for the performance of the
service. Client secret
(password) is sent once
and not stored.
Personal data in Weather API and Marine API logs:
Personal data long logs: parameters, endpoint, client ID,
geo location (coordinates), request time stamp, request.
Purpose: Generate automated usage reports, prepare data
for potential load test scenarios (more accurate simulation
of production load to optimize product), issue discovery
and problem solving, understanding of user cases.
Personal data 2 week logs: parameters, endpoint,
client/user ID, IP address, geo location (coordinates),
request time stamp, request. Purpose: Generate additional
information about requests that failed for any reason, used
for debugging and problem solving.
Weather API Team,
Production Team
Long logs: for the duration
of the service,
anonymized after service
end.
Two (2) week logs: 2
weeks
Customer data in SPOS, RBS SPOS and Informix
Database
Name, email addresses and passwords of ship captains
Customer Service
Product Management
Developers
During the contract
period if data has financial
impact: 7 years after
approval of Financial
Statement / Annual Report
(Tax Law) – global
retention period therefore
is 10 years
Customer data in RouteGuard, FleetGuard, RBS,
Armorhead and Informix Database
Name, email addresses and passwords of ship captains
and customer operators
Customer Service
Product Management
Developers
Team Weather Room
Route Analysts
Note: This includes our
team in Manila PH.
During the contract
period if data has financial
impact: 7 years after
approval of Financial
Statement / Annual Report
(Tax Law) – global
retention period therefore
is 10 years
Customer data in RBS Offshore dataset for PDF
forecasts and OCW (Offshore Customer Website),
Informix Database
Customer Service (RBS
GUI)
During the contract
period if data has financial
DTN | External Privacy Statement | 01-12-2020 17 | 20
Record type Access Retention Period
Name, email addresses and passwords of operators Product Management
Developers
Offshore team Weather
Room
impact: 7 years after
approval of Financial
Statement / Annual Report
(Tax Law) – global
retention period therefore
is 10 years
Customer data in WWP Weather Window Planner
Admin, MySQL Database, webapp.nowcastingint.com
Name, email addresses, usernames and passwords of
operators
Customer Service
Product Management
Developers
During the contract
period if data has financial
impact: 7 years after
approval of Financial
Statement / Annual Report
(Tax Law) – global
retention period therefore
is 10 years
Customer data in Nowcasting Pro Administration,
MySQL Database
Name, email addresses, usernames and passwords of
operators
Customer Service
NCPro6 superuser
Product Management
Developers
During the contract
period if data has financial
impact: 7 years after
approval of Financial
Statement / Annual Report
(Tax Law) – global
retention period therefore
is 10 years
Customer data in MetOceanPro Admin / MetOcean Data
Server
Name, email addresses, usernames and passwords of
operators
Customer Service
MetOcean Analyst
Product Management
Back Office Team
System Administrator
During the contract
period if data has financial
impact: 7 years after
approval of Financial
Statement / Annual Report
(Tax Law) – global
retention period therefore
is 10 years
Customer data in Weather Room Apps for forecaster
discussion, Presentation Creator and FOD Creator,
Churada
Email addresses of operators
Customer Service (RBS
GUI)
Product Management
Developers
Offshore team Weather
Room
No longer than necessary
for the performance of the
service.
Social media export functionalities via Social Media
Platform H4
Facebook, Twitter and YouTube accounts of
customers/prospects of Weather Presenter (only when
manually provided by user)
n/a Data is not stored locally.
API/Plugin provided by
Social Media platforms
used.
Customer data for HydroMaster trials
Name (first and last name), address, email addresses,
phone numbers (including mobile), Twitter account
Sales staff with
customer credentials
Product Manager
Developers
No longer than necessary
for the performance of the
service.
DTN | External Privacy Statement | 01-12-2020 18 | 20
Record type Access Retention Period
Third parties (Kisters,
DHI)
User data in Zima / Glaette 24 (KDM)
Name, email addresses, usernames, passwords, phone
numbers
Customer Service
Product Management
Sales/Account
Managers
Platform Team
Forecasters Weather
Room Germany/Poland
Developers
Third party: Piksel
No longer than necessary
for the performance of the
service.
Customer data in RoadMaster Action Log Distribution
List (RMP MongoDB, AWS Ireland)
Email addresses
Customer Service
Product Management
Sales/Account
Managers
Platform Team
Forecasters Weather
Room
Developers
No longer than necessary
for the performance of the
service.
User data in RoadMaster Mobile App CSC Database
Email addresses
Customer Service
Product Management
Sales/Account
Managers
Developers
No longer than necessary
for the performance of the
service.
Customer data in Transport customer contacts
(Gladheid.nl, RoadMaster, RunwayMaster, Aircraft
IceGuard, RBS Informix, UCS MySQL, AWS Ireland)
Names, email addresses, phone numbers
Customer Service
Product Management
Sales/Account
Managers
Developers
No longer than necessary
for the performance of the
service.
Customer data in Transport Email Distribution List
(RBS Informix UCS MySQL, AWS Ireland)
Email addresses
Customer Service
Product Management
Sales/Account
Managers
Developers
No longer than necessary
for the performance of the
service.
User data in Transport website users Gladheid.nl,
RoadMaster, Vinterhalka, RunwayMaster, Aircraft
Iceguard (RBS Informix UCS MySQL, AWS Ireland
Names, email addresses, usernames and passwords
Customer Service
Product Management
Sales/Account
Managers
Developers
No longer than necessary
for the performance of the
service.
Customer data in MeteoFeed (Telehouse DB)
Names, email addresses, client ID, FTP credentials
Product Director
Weather Data
Sales
Customer Service
No longer than necessary
for the performance of the
service.
DTN | External Privacy Statement | 01-12-2020 19 | 20
Record type Access Retention Period
Data Integration Team
Developers
Customer data in KUBE (cluster DB)
Names, email addresses, client ID, FTP credentials
Product Director
Weather Data
Sales
Customer Service
Data Integration Team
Developers
No longer than necessary
for the performance of the
service.
Customer data in Lightning Tracker
Names, email addresses
Product Director
Weather Data
Persons with dedicated
access rights
No longer than necessary
for the performance of the
service.
Customer data for severe weather warning services
Names, email addresses, phone numbers
Product Director
Weather Data
Platform Team
No longer than necessary
for the performance of the
service.
Personal data from contracting partners and station
operators of Measurement Network Germany and
Switzerland (Messnetz, Metrilog, KUBE, Excel,
Confluence), including mailing lists
Names, email addresses, telephone numbers, WhatsApp,
geolocation and coordinates of weather stations,
photographs (this may include private properties)
Measurement Network
Team
Data Quality Team
Manila PH
No longer than necessary
for the performance of the
service.
Facilities access data and images from surveillance
cameras (CCTV)
Key card (“badge”) number and CCTV recordings which
may be associated with the building(s) and carpark(s) to
which you have access to each location, the reason(s) for
which you were given access, “access data” (including the
time you entered and exited security checkpoints using
your badge or as a recording on CCTV), or similar
information, all in accordance with applicable law.
Back Office Team staff
(admins).
Keycards, tokens and
badges administration:
Dedicated Reception /
Admin staff and building
management.
Employees defined in
CCTV protocol
Facility access data:
Within 1 month after your
visit.
CCTV: 1 month, unless
those images can
contribute to prove an
offense, damage, incivility
or allow to identity a
perpetrator, a disruptor of
the public order, a witness
or a victim.
Photographs and video images for company use and
commercial use
BOT Service
manager / web
design
MeteoGroup has a
legitimate interest for
publishing photographs on
website and commercial
material, however will only
do this with prior consent
of your organization.
Personal data in business emails
MeteoGroup has a legitimate interest to have litigation hold
(set in MS Office 365) and retention time on email and will
not need active consent of the data subject for this.
Employee
BOT admins with
special authorization
7 years
DTN | External Privacy Statement | 01-12-2020 20 | 20
Record type Access Retention Period
Telephone call recordings
Name and surname, contact details (if provided during
call), date/time of recording
BOT Team Lead
Third parties:
MTI
VoIP Studio
No longer than necessary
for the purpose of use,
however with a maximum
of 6 months
