Privacy Policy

Adaptive BBS™ and related services

Last modified August 17, 2018

Our Privacy Commitment

DEKRA is committed to protecting your privacy and maintaining transparency in how we collect, use, and share data about you. This Privacy Policy details the choices available to you concerning how your personal data is collected, processed, and used. For many of our users, control of their accounts and use of DEKRA services are managed through their employer and in these instances the employer is the data controller and DEKRA is the data processor. Accordingly, this policy also clarifies our relationship to these users and explains the tools available to administrators of these users.

This Privacy Policy applies to information we collect through the Adaptive BBS™ hosted software solution (the “System”) as well as information you provide to us outside of the System (for example, by phone or email).

Please read this Privacy Policy carefully so that you understand our policies and practices regarding your personal information and how we will treat it. You are not obligated to provide us with your personal information. If you do not agree with our policies and practices, your choice is to not use the System or our services or to limit the information you provide to us.

Who we are

DEKRA collectively refers to Regulatory Consultants, Inc., and its North American affiliates including DEKRA North America, Inc., Behavioral Science Technology, Inc., Chilworth Technology, Inc., and Safety Consulting Engineers, Inc.

DEKRA may process data as both a controller and a processor.

Contact information

To ask questions or comment about our privacy practices, please contact us at or by mail at:

  • DEKRA Service Inc.
  • 1945 The Exchange SE #300
  • Atlanta, GA 30339
  • Phone: (770) 971-3788

What We Collect

Privacy Notice for California Residents

Effective date: January 21, 2020
Last modified: January 21, 2020

This Privacy Notice for California Residents supplements the information contained in DEKRA’s Privacy Notice and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Notice.

This Notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals. Where noted in this Notice, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (”B2B personal information”) from some OF its requirements.

Information You or Your Employer Provide to Us

The System may collect several types of information by which you may be personally identified (“Personal Information”), including:

  • Your first and last name, date of birth, gender, job title, site location, shift, signature or e-mail address, home address;
  • Your emergency contact’s first and last name, home address, phone number, and email;
  • Information in graphic form, such as videos or pictures;
  • Information related to safety observations, exposures, activities and/or incidents in your workplace; and
  • Information about your location.

We may also collect information from you outside of the System, for example, when you request technical support regarding the System.

There are certain types of Personal Information which we will never ask you to provide (or ask someone else to provide about you), such as your social security number, credit card number, health information, or biometric data.

You are under no obligation to provide any Personal Information to us. However, if you choose to withhold specific information, we may be unable to provide your employer with certain services.

Usage Details and IP Addresses.

If you access the System through a web interface, we will use “cookies” to collect certain information from you. A cookie is a small file placed on the hard drive of your computer, which is then used to identify your computer when your return to the website. Cookies give us usage data like how often you visit, where you go and what you do on the website. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, you will be issued cookies when you direct your browser to our website.

The System itself may collect your usage details (i.e. information about your equipment, browsing actions and usage patterns) or IP addresses.

Anonymous Information

We may create “Anonymous Information” – information derived from Personal Information by excluding your contact information or any other Personal Information that could link the Anonymous Information back to you.

How We Collect It

DEKRA collects your information:

  • Directly from you when you provide it to us through the System or to our representatives through other mediums such as email, letters, or phone calls;
  • From our clients (i.e. your employer);
  • From other System users; and
  • From affiliates and subsidiaries of our parent company, DEKRA SE.

In addition, information about your computer hardware and software is automatically collected the System. This information can include: your IP address, browser type, domain names, access times, and referring website addresses.


The DEKRA website uses "cookies" to provide functionality and to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. All cookies created by the DEKRA Safety Management System are secure. The purpose of a cookie is to tell the Web server that you have returned to a specific page so that information you previously provided can be retrieved, and your customized feature are retained. For example, if you personalize grid or filter settings on a report, or provided your billing or shipping address, a cookie helps DEKRA to recall your specific information on subsequent visits. You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not have access to the full functionality of our services or website.

How We Use It

We may use your Personal Information:

  • To allow you to utilize the System, including administering your account and identifying you upon sign-in;
  • To improve your experience with the System;
  • To verify accounts and activity and to monitor suspicious or fraudulent activity;
  • To provide services for the benefit of our client (i.e. your employer);
  • To notify you about changes to the System or to this Privacy Policy;
  • To contact you about our services and the services of our family of affiliated companies, unless you opt-out;
  • To carry out our obligations and enforce our rights according to any contract we may have with your employer;
  • In any other way we may describe when you provide the information; or
  • For any other purpose with your consent.

Automated Processing

We do not conduct automatic profiling.

Legal Basis for Processing

We will not collect and process information about you unless we have a legal basis for doing so. The legal bases depend on the DEKRA services you use and how you use them. This means we collect and use your information only where:

  • It is required to provide you or your employer with our services. This use includes the information we require to operate our services, provide customer support, personalize features and functionalities of our services, and to protect the safety and security of the services;
  • It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, or to protect our own legal rights and interests;
  • You give us consent to do so for a specific purpose; or
  • We need to process your data to comply with a legal obligation.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time. However, this change will not affect any processing that has already occurred. Where your information is being used because we or your employer have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using our services. If your account is managed or administered by your employer, your employer may require use of our services as a condition of employment. We are not responsible for the policies of your employer.

How We Share It

Personal Information

We will disclose your Personal Information only as follows:

  • To our parent, subsidiary and affiliate companies, including those located in other countries;
  • To your employer or companies with which your employer contracts;
  • To other users within your employer’s organization;
  • To comply with any court order, law or legal process, including to respond to any government or regulatory request;
  • If we believe disclosure is necessary or appropriate to protect or defend the rights, property, or safety of DEKRA, our customers or others;
  • For any other purpose disclosed by us when you provide the information; or
  • For any other purpose with your consent.

Third party controllers and processors

We do not share your Personal Information with third party controllers or processors.

Managed accounts and administrators

For many of our users, control of their accounts and use of our services are managed through their employer. If you register or access our services using an email provided to you by your employer, certain information about you (including your name, contact info, and past use of your account) may become accessible to your employer’s administrator and other users sharing the same domain. If you are an administrator for an organization, we may share your contact information with current or past service users in order to facilitate service-related requests.

DEKRA Reorganization

In the event that we undergo re-organization or are sold to a third party, any Personal Information we hold about you may be transferred to that re-organized entity or third party in accordance with applicable law. You acknowledge that such acquisitions may occur and that any acquirer of a DEKRA entity or its assets may continue to use your Personal Information as set forth in this policy.

Other Disclosures

Except as described in this policy, we will not sell, rent, or make available your Personal Information to third parties without your permission. Our employees and contractors who provide Services are obliged to respect the confidentiality of any Personal Information held by us and are only authorized to use your Personal Information for the purpose of providing Services.

Anonymous Information

Subject to applicable law, we may disclose Anonymous Information without restriction.

How We Store and Secure It

Storing Your Personal Information

We use data hosting service providers in the AWS Region US East (N. Virginia) to host the information we collect, and we ensure technical measures secure your data. Because your information is stored at data centers located in the United States of America, it is subject to U.S. laws and may be accessible to the U.S. government, tribunals, law enforcement and regulatory agencies. The level of data protection established in the United States of America may be different from the one established in your home country.

Securing Your Personal Information

Personal Information is kept on computer servers in a controlled, secure environment, protected from accidental loss, unauthorized access, use, alteration, or disclosure.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted via the System. Among the security measures we take is a login process requiring a password and username that you select and a firewall protecting our hosting server. We will retain your username as part of your Personal Information but will not share this information with anyone. You are responsible for keeping your password and username confidential and secure from unauthorized persons, and you are responsible for any and all activities that occur under your user name. Any transmission of Personal Information is at your own risk.

Keeping Your Personal Information

We will retain your Personal Information for varying amounts of time, depending on the nature of the information.

  • Account information: Your account information is stored for as long as your account is active and for a reasonable length of time thereafter (to be used in the event that you or your organization opt to reactivate your use of the System). We also retain some of your information in order to comply with our legal obligations, resolve disputes, enforce our agreements, support business operations, and continue to develop and improve our services. If we retain your information for the purpose of improving our services, we take steps to anonymize that information. If your account is managed by your employer, your Personal Information will be retained as long as required by the administrator of your account.
  • Other information you add to the System: In the event that your account is deactivated or disabled, some of your Personal Information and any content you have provided will remain so that your employer can continue to make full use of the System and its features. For example, we will continue to display any records you created or comments that you made on existing records.

Data Breaches

If there are any breaches in our security, we will notify you of those breaches within a reasonable amount of time. In the event of a security breach, our response procedure is specified in our SLA (Service Level Agreement).

How to Access and Manage It

Users with Accounts Administrated by Your Organization

The System and our services are intended for use by organizations. If the System or our services are made available to you through your employer, your employer is your System administrator and is responsible for the accounts and/or applications over which it has control. Please direct your initial questions regarding data privacy and System administration of our services to your administrator, as your use of the System is subject to your employer’s policies. We are not responsible for your employer’s policies.

Within the System, your administrator is able to require you to reset your password, change the email address associated with your account, restrict, suspend, or end your use of or access to the System; require your use of the System as a condition of your employment; access information in and about your account; and/or access or retain information stored as part of your account.

Even if your use of the System is not managed by your employer at this time, if the email address you use to access the System is provided by your employer, then your employer may assert administrative control over your account and your use of the System at a later date.

Accessing, Copying, Deleting, and Correcting Your Personal Information

You may access and make changes to some of your Personal Information via the System. Specifically, you can update your profile information, turn on and off email notifications, and update or remove emergency contact information from your profile page. You also have the option to delete certain personal information stored on your profile.

If you require other deletions or changes to your Personal Information which cannot be accomplished via your profile page, please Contact Us. We may choose not to accommodate a request to delete or change information if we believe the deletion or change would violate any law or legal requirement or cause the information to be incorrect. If the System is controlled or managed for you by your employer, you may need to contact your System administrator to assist with your requests first. Your request and choices may be limited in certain cases.

If you no longer wish to maintain your account or use the System, you or your administrator may be able to delete your profile from the System. However, your employer may consider use of the System to be a condition of your employment, and we are not responsible for your employer’s policies.

Turning off Cookies

You can opt to turn off the use of cookies through your browser. Certain browsers may not allow you to disable cookies. We are not responsible for the policies of your web browser.

Your Rights

Obtaining a Copy of Your Information

You have a legal right to a copy of all of your Personal Information in our possession. If you would like a copy of your Personal Information, please Contact Us. We will provide you with an electronic file of your basic account information that can be exported into another system.

California Users

California Civil Code Section 1798.83 permits users who are California residents and who have provided us with “personal information” (as that term is defined in Section 1798.83) to request certain information about the disclosure of that information to third parties for their direct marketing purposes. If you are a California resident, you may email us at:

Canadian Users

Canadian citizens, except under circumstances defined by law, are entitled to access their own personal data by writing to: DEKRA Service Inc., 1945 The Exchange SE #300, Atlanta, GA 30339. If you believe that the personal data about you that we have collected is incomplete or inaccurate, please Contact Us and we will correct the information upon verification of the omission or error and of the identity of the person requesting the change.

Children Under the Age of 16

Neither the System nor our services are intended for use by children under 16 years of age and we do not knowingly collect personal information from children under 16. If you are under 16, please do not use or provide us any information. If we learn we have collected or received Personal Information from a child under 16 without verification of parental consent, we will delete that information.

Changes to this Policy

We will occasionally update this Privacy Policy. In the event we make changes to this Privacy Policy, we will notify the System administrator designated by your employer by email and will notify you of the update via your System dashboard. If you do not agree with any changes that we have made to this Privacy Policy, you must notify us that you do not wish to continue using the System and we will terminate your account with us. Continued use of the System indicates your acknowledgement and acceptance of changes.