Last Updated January 2023
The main reasons (see also Section of this Policy titled “IDENTIFIED PURPOSES“) why we collect, process, store, and share personal data about our employees, customers, suppliers and others (e.g. users of our webpage) who interact with BISim are the following:
These are the main reasons why we collect and use data about our customers and others who interact with BISim:
- If you are an employee of BISim to keep standard employee records and to carry out any HR related actions.
- To enable us to provide you with our products and services, including customer support services.
- To provide the services or information you sign up for, such as newsletter subscriptions.
- To carry out marketing analysis and send you communications when we have your permission, or when permitted by law.
We think carefully about our use of personal data, and below you can find the details of what we do to protect your privacy. This policy covers, among other topics:
- Information about your rights and our obligations
- Clarity about our dealings with you and transparency about how we collect and use your personal data
- Commitments on how we protect your personal data
- Commitments on how we will facilitate your rights and respond to your questions.
Effective from 4 March 2022, the BISim group of companies was acquired by a subsidiary of BAE Systems group of companies, namely: BAE Systems Technology Solutions & Services, Inc..
IDENTIFICATION OF DATA CONTROLLER(S)
The data controller (meaning the legal person that determines the purposes and means of processing of personal data) of your personal data is either:
(i) Bohemia Interactive Simulations k.s., ID: 284 76 506, with its registered seat at Pernerova 42, 186 00 Prague, Czech Republic or
(ii) Bohemia Interactive Simulation Inc., Registered Number: 610A00007666, with its registered seat at 3050 Technology Parkway, Suite 110, Orlando, FL 32826, USA.
The other affiliates of the BISim group of companies are in the position of data processors of your personal data, if necessary. For the avoidance of doubt, references in this document to “BISim” in any consent given per Art 6 and 7 of GDPR refers to one of the applicable data controllers as set out above.Apart from the data controllers identified within the BISim group of companies, BISim hereby informs the data subjects that his/her personal data might be shared within the BAE Systems group of companies under the IGA. Each of the BAE Systems affiliates that is a party to the IGA can be in the position of respective data controller or data processor, depending on the particular case.
BISim’s objective is to implement and maintain appropriate technical, security and organizational measures to protect personal data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure. In particular, to achieve this goal BISim aims to ensure that personal data is:
- processed lawfully, fairly and in a transparent manner in relation to the individual (data subject) ('lawfulness, fairness and transparency');
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; However, further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes as permitted by relevant laws may not be considered to be incompatible with the initial purposes ('purpose limitation');
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimization');
- accurate and, where necessary, kept up to date; in this regard we will take reasonable steps to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ('accuracy');
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by applicable laws and regulations in order to safeguard the rights and freedoms of the individual (data subject) ('storage limitation'); and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures ('integrity and confidentiality').
BISim’s policy is to obtain prior consent from the data subject to the collection, use, processing or disclosure of personal data, except where otherwise required or permitted by law. Our goal is to request consent in an intelligible and easily accessible form, using clear and plain language. Consent may be express or implied, depending on the circumstances. When appropriate, the written consent of the individual (data subject) will be requested (e.g. by mail, email or other electronic means). If the consent is given in the context of a written declaration or form which also concerns other matters, the request for consent will be presented in a manner which is clearly distinguishable from the other matters. Sometimes, an individual's consent may be obtained verbally or implied through his or her conduct or dealings with BISim. BISim generally does not require an individual to consent to collection, use, processing or disclosure of personal data as a condition of the provision of a product or service, beyond that which is necessary to provide the product or service or processing is necessary for the performance of a contract to which the individual (data subject) is party or in order to take steps at the request of the individual (data subject) prior to entering into a contract. However, some personal data may be requested that is optional for an individual to provide in order to improve the user experience or to help BISim improve the products or services it offers and provides. BISim may collect, use or disclose personal data without notice or consent only where permitted or required by law. Consent may be varied or withdrawn at any time subject to legal limitations and reasonable notice if required by law (without affecting the lawfulness of processing based on consent before its withdrawal). BISim will advise the individual of any consequences of a variation or withdrawal.
1IGA = International Intra-Group Data Protection Agreement executed among BAE Systems plc and other BAE Systems affiliates, dated 25 May 2018, as amended. More info: go to Section “Transferring and sharing personal data”.
CONSENT FOR BISIM’S MAILING LIST
In order to keep the data subject(s) updated and in touch with BISim, data subject(s) might provide consent for Mailing List. Such a consent is considered as a specific one and the data subject (you) by registering for the Mailing List is providing its consent for BISim to (i) communicate with you about BISim and TerraSim product releases, development news, videos, special events, and programs; (ii) respond to your inquiries; (iii) enable sales and business developers to contact you directly about our products and services offerings; (iv) publicize events BISim is sponsoring, exhibiting at or attending and invite you to product or technology demonstrations and (v) solicit feedback about product and technology features and services through surveys (“Mailing List”).
The cookies that are used by BISim via third parties as defined below are analytical and performance cookies. These collect information about the use of the Website and help to improve the way the Website works. For example, performance cookies may show which are the most frequently visited pages, help to record any difficulties with the Website and show whether advertising on the Website is effective or not. This helps us to improve the way the Website works, for example, by ensuring that users are finding what they are looking for easily. Such cookies do not collect information that identifies a user personally and all information that is collected by these cookies is aggregated and anonymous. The cookies used for analytics help collect data that allows services to understand how users interact with a particular service. These insights allow services both to improve content and to build better features that improve the user’s experience.
Third parties using and processing the cookies are the following:
Google Analytics - Google Analytics helps site and app owners understand how people engage with a service, uses a set of cookies to collect information and report site usage statistics without personally identifying individual visitors to Google. ‘_ga’ is the main cookie used by Google Analytics. ‘_ga’ enables a service to distinguish one user from another and lasts for 2 years. It’s used by any site that implements Google Analytics, including Google services.
More information and relevant policies:
More information and relevant policies:
Facebook Pixel - Cookies are used to better understand how users use the Facebook Products. For example: Cookies can help to understand how users use the Facebook service, analyse which parts of the Facebook Products users find most useful and engaging, and identify features that could be improved. As user, you can view your settings Facebook ads settings and update their preferences at any time.
When you visit the Website for the first time, we will show you a pop-up with an explanation about cookies. As soon as you click on "I agree", you consent to us using the cookies in line with the applicable policies described herein.
COLLECTION OF DATA
In order to provide services or information to its customers, prospective customers, website visitors and others, BISim collects certain types of data from them. This section describes how data is collected and used by BISim.
The Personal Data We Collect:
BISim collects and retains only the personal data that is required to meet the purposes identified by BISim. BISim is committed to collecting personal data in a fair, open and lawful manner. For this reason, BISim does not indiscriminately collect personal data. The type of personal data we may collect includes contact information (such as name, postal address, email address, telephone or fax numbers, etc.) but we may from time to time request a data subject to optionally provide demographic information or product or service preferences or usage patterns. When a data subject inquires about products or services or orders products or services, or engages in activities such as participating in BISim-organised events downloading demos or subscribing to a newsletter, the data subject may provide information such as name, company name, job title and department, email, address, telephone and facsimile numbers, and other relevant data. BISim may also collect, record and analyze information of visitors to its website. We may record your IP address. BISim may add information collected by way of page view activity. Furthermore, BISim may collect and process any personal data that you volunteer to us in our website’s forms, such as when you subscribe to a service or submit an enquiry or technical support request. Such personal data may comprise your IP address, first and last name, your postal and email address, your telephone number, your job title, your areas of interest, interest in BISim’s products, and certain information about the company you are working for (company name and address), as well as information as to the type of relationship that exists between BISim and yourself. Our website also provides for an easy way to contact us either by direct communication with us or by electronic mail (e-mail address). If a data subject contacts us by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. This personal data transmitted on a voluntary basis by a data subject to us are stored for the purpose of processing or contacting the data subject. BISim also gathers data about visits to the website, including numbers of visitors and visits, Geo-location data, length of time spent on the site, pages clicked on or where visitors have come. This information is used by BISim to identify its customers, prospective customers, website visitors and others and provide or offer them with products, support, services, mailings, conduct sales and marketing actions, billing and to meet contractual obligations. It is completely optional for customers, prospective customers, website visitors and others to engage in activities or obtain services offered or provided by BISim. Depending upon the activity or service, some of the information that we ask a data subject to provide is identified as mandatory and some as voluntary or optional. If the data subject does not provide the mandatory data with respect to a particular activity, the data subject may not be able to engage in that activity or receive the applicable product or service or may not be able to fully benefit from the product or service offered. BISim’s policy is not to conduct processing of (a) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, or (b) genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
GENERAL DATA AND INFORMATION
BISim’s website collects a series of general data and information when a data subject accesses the website. This general data and information are stored in the server log files. Collected general data may include (a) the browser types and versions used, (b) the operating system used by the accessing system, (c) the website from which an accessing system reaches our website (so-called referrers), (d) the sub-websites, (e) the date and time of access to the Internet site, (f) an Internet protocol address (IP address), (g) the internet service provider (ISP) of the accessing system, and (h) other similar data and information that may be used in the event of attacks on BISim’s website or other information technology systems. When using these general data and information, BISim does not draw any conclusions about the data subject. On the contrary, this information is used to (1) help deliver the content of BISim’s website in the intended manner, (2) improve the content of BISim’s website as well as its advertisement and promotion, (3) improve the performance of BISim’s website or other information technology systems, and (4) provide applicable law enforcement authorities with information necessary for criminal prosecution in case of hacking or cyber-attack on BISim’s website or other information technology systems. Accordingly, BISim uses anonymously collected data and information for statistical analysis with the aim of improving and protecting data security and our operations and service offerings, and to improve protection for the personal data we collect and process.
There are two main purposes why BISim collects, processes, stores and shares personal data:
- Marketing/business purposes: BISim collects and uses personal data to record and support products, services and participation in the activities you select, to keep you informed about product upgrades, special offers, announcements, learning opportunities and other products and services of BISim and to improve its website by analyzing how visitors navigate its website.
- In relation to its employees, HR related purposes: (i) processing job offers, (ii) entering/modifying/terminating employment contracts, (iii) processing employee benefits, (iv) processing sick leave and any other requirements coming from the social/health/pension/tax regulations and/or required by local law, (v) visa purposes, (vi) updating employee personal data in internal database(s), (vii) sharing personal data with external payroll agencies or (viii) when necessary for arranging business travel.
- Subject to the IGA, BISim might share personal data of data subjects with BAE Systems group of companies for various purposes detailed in the particular part of IGA. A Data subject is entitled to ask for details by sending a request to [email protected].
Our aim is only to conduct processing of personal data in compliance at all times with applicable legal requirements and if, and to the extent, at least one of the following applies:
- the individual (data subject) has given consent to BISim’s the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract (such as an end user license agreement or on-line subscription) to which the individual (data subject) is party or in order to take steps at the request of the individual (data subject) prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which BISim as the controller is subject;
Or in rare cases:
- processing is necessary in order to protect the vital interests of the individual (data subject) or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in BISim as the controller;
- processing is necessary for the purposes of the legitimate interests pursued by BISim as the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual (data subject) which require protection of personal data,
If personal data is to be used or disclosed for a purpose not identified at the time of collection, individual consent will be obtained, where required by applicable law.
TRANSFERRING AND SHARING OF PERSONAL DATA
BISim intends to transfer and share the personal data of customers, employees or others (data subjects) (i) internally (including via BAE Systems group of companies) and/or (ii) externally (via service vendors or contractors) in order to fulfill the Identified Purposes.
The service vendors or contractors might be based in the EU (e.g. Ireland) and also outside the EU (e.g. USA, Canada, Australia).
For third parties based in the USA and Australia, BISim requires such third parties to protect the personal data transferred to them by BISim in a way that ensures the same level of data protection as in the EU. Such protection will be ensured by executing the appropriate safeguards established by Standard Contractual Clauses (“SSC clauses”) adopted by the European Commission as well as additional measures that will ensure the compliance with the EU level of protection of personal data. The SSC clauses will be concluded between BISim and each third party that is about to receive the personal data outside the EU from BISim and is based in the USA or Australia. The SSC clauses can be obtained by sending a request to [email protected].
For third parties based in Canada, the European Commission adopted Decision No. 2002/2/EC on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act.
For third parties based in the UK, the European Commission adopted “adequacy decisions” No. C(2021) 4800 final and No. C(2021) 4801 final for transfers of personal data to the UK under GDPR and Law Enforcement Directive. These allow for the ongoing free flow of personal data from the EU to the UK.
For internal transfers of personal data within BAE Systems group of companies, BISim is a party to an International Intra Group Data Protection Agreement (IGA), dated 25 May 2018, as amended, executed among BAE Systems affiliates and the lead entity (BAE Systems plc). The IGA represents the contractual framework under which the personal data of data subjects can be shared, transferred and processed internally within the BAE Systems group of companies. IGA also contains up-to-date SCC clauses under which the adequate level of protection of personal data that are being processed internally is ensured. The SSC clauses can be obtained by sending a request to [email protected].
LIMITING USE, DISCLOSURE AND RETENTION
BISim limits its use or disclosure of personal data to the purposes for which it was originally collected, unless it has first obtained the consent of the person from whom such information was received, or as otherwise permitted or required by law. BISim retains personal information only for as long as it is needed for the purposes for which it was collected or used, or as otherwise required by law. The corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.
Personal data is maintained in as accurate, complete and up-to-date form as necessary for the purpose for which it is collected, or where it is likely to be used to make a decision about an individual. BISim does not routinely update personal data and relies on the individual to advise it when his or her personal data changes. From time to time, in its sole discretion, and for a reasonable and legitimate purpose, BISim may request written confirmation from an individual that the information collected and held by BISim is up to date and accurate.
Personal data is protected, by appropriate technical and organizational measures including security safeguards appropriate to its sensitivity and level of risk, from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks. BISim’s security safeguards include, as relevant:
- premises security;
- locked file cabinets;
- restricted access to personal information;
- technological safeguards such as security software and authentication methods;
- organizational security measures
RIGHT TO RESTRICTION OF PROCESSING
Individuals (data subjects) have the right to obtain from BISim restriction of processing where one of the following applies:
the accuracy of the personal data is contested by the individual for a period enabling BISim to verify the accuracy of the personal data;
- the processing is unlawful and the individual opposes the erasure of the personal data and requests the restriction of their use instead;
- BISim no longer needs the personal data for the purposes of the processing, but they are required by the individual for the establishment, exercise or defence of legal claims;
- the individual has objected to processing by means of automated decision-making pending the verification whether the legitimate grounds of BISim override those of the individual.
RIGHT TO ERASURE
Individuals (data subjects) have the right to obtain from BISim the erasure of personal data concerning him or her without undue delay and BISim will erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the individual (data subject) has withdrawn his or her consent on which the processing is based and where there is no other legal ground for the processing;
- the individual (data subject) objects and has a legal basis for such objection and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed; or
the personal data have to be erased for compliance with a legal obligation to which BISim is subject.
Notification regarding rectification or erasure of personal data or restriction of processing
RIGHT TO OBJECT, AND AUTOMATED INDIVIDUAL DECISION-MAKING
Individuals (data subjects) have the right to refuse to be subjected to automated decision making, including profiling and may insist on human intervention if the decision is:
- Based on automated processing; and
- Produces a legal effect or a similarly significant effect on the individual.
RIGHT TO DATA PORTABILITY
Individuals (data subjects) have the right to receive the personal data concerning him or her, which he or she has provided to BISim, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from BISim, where:
- the processing is based on consent or on a contract with BISim; and
- the processing is carried out by automated means.
LEGAL OBLIGATION TO DISCLOSE PERSONAL INFORMATION
We are permitted to disclose personal information when we are legally required to do so or have good reason to believe that this is legally required.
EXCEPTIONS ARISING UNDER LAW
- national security;
- public security;
- the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
- other important objectives of general public interest of governmental authority having jurisdiction over BISIM in particular an important economic or financial interest of the governmental authority, including monetary, budgetary and taxation a matters, public health and social security;
- the protection of judicial independence and judicial proceedings;
- the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;
- a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a), (b), (c), (d), (e) and (g);
- the protection of the individual (data subject) or the rights and freedoms of others;
- the enforcement of civil law claims.
We may also reveal a user’s personal information without his/her prior permission only when we have good reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who is/are suspected of infringing rights or property belonging to BISim or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property.
YOUR RIGHT TO ACCESS AND MODIFY YOUR PERSONAL INFORMATION
Subject to some exceptions, you have the right to request access to any personal information relating to you that is held by BISim in accordance with applicable laws. Ordinarily, a copy of the personal information held by BISim electronically or in files can be provided.
- wish to access the personal information relating to you that is held by BISim; or
- wish to update personal information relating to you that is held by BISim because you believe that information is incorrect or out of date; or
- no longer wish to have personal information relating to you held by BISim,
you will need to make a written request by email to [email protected] with sufficient details for BISim to identify you, and to contact you in the event that BISim requires further confirmation of your identity.
By requesting that BISim cease holding personal information relating to you, you acknowledge and agree that BISim will cease the provision of all services to you requiring such information. BISim will then take all reasonable steps to ensure that the personal information relating to you is destroyed or de-identified by secure means.