Rencore Governance
Data Processing Agreement

If you would prefer to download a signed copy of the DPA, please click here.

1 PREAMBLE

WHEREAS, under the DPA concluded between Processor and Controller, Processor agreed to provide certain services relating to Rencore Governance to the Controller as further specified in the main contract and in Annex 1 to this DPA (the “Services”);

WHEREAS, in rendering the Services, Processor may from time to time be provided with, or have access to information which may qualify as personal data within the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), and other applicable data protection laws and provisions;

WHEREAS, Controller engages Processor as a commissioned Processor acting on behalf of Controller as stipulated in Art. 28 GDPR;

NOW, THEREFORE, and in order to enable the parties to carry out their relationship in a manner that is compliant with law, the parties have entered into this DPA as follows:

2 TERMINOLOGY

For the purposes of this DPA, the terminology and definitions as used by the GDPR shall apply. In addition to that,

“Member State” shall mean a country belonging to the European Union or to the European Economic Area;

“Subprocessor” shall mean any further processor, located within or outside of the EU/EEA, that is engaged by Processor as a subcontractor for the performance of the Services or parts of the Services on behalf of Controller, provided that such Subprocessor has access to the personal data of Controller exclusively for purposes of carrying out the subcontracted Services on behalf of Controller.

“Security Breach” shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed which affects the personal data of the Controller covered by this DPA.

Further definitions are provided throughout this DPA.

3 DETAILS OF THE PROCESSING

The details of the processing operations provided by Processor to Controller as a commissioned data processor (e.g., the subject-matter of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects) are specified in Annex 1 to this DPA.

4 OBLIGATIONS AND RESPONSIBILITIES OF CONTROLLER

The Controller is responsible that the processing activities relating to the personal data, as specified in the main contract and this DPA, are lawful, fair and transparent in relation to the data subjects, as set out in Annex 1.

5 INSTRUCTIONS

a) The Processor is obliged to process the personal data only on behalf of the Controller and in accordance with the instructions given by the Controller unless otherwise required by European Union or Member State law to which the Processor is subject; in such a case, the Processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

b) The Controller’s instructions are provided in this DPA and the main contract. Controller may give specifications to such instructions provided in this DPA and the main contract as well as further instructions. Such specifications and/or further instructions are given generally in writing unless the urgency or other specific circumstances require another (e.g., oral) form. Specifications and/or further instructions in another form than in writing shall be confirmed by Controller in writing without delay. Any further instructions that go beyond the instructions contained in this DPA or the main contract shall be related to the subject matter of the main contract and this DPA.

c) The Processor shall immediately inform the Controller if, in its opinion, an instruction infringes the GDPR or other applicable European Union or Member State data protection provisions (“Challenged Instruction”). If the Processor is of the opinion that an instruction infringes the GDPR or other applicable European Union or Member State data protection provisions, the Processor is not obliged to follow the Challenged Instruction unless and until the Controller has confirmed or changed it.

6 OBLIGATIONS OF PROCESSOR

a) The Processor is obliged to ensure that persons authorized by the Processor to process the personal data on behalf of the Controller, in particular the Processor’s employees as well as employees of any Subprocessors, have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and that such persons who have access to the personal data process such personal data in compliance with the Controller’s instructions.

b) The Processor is obliged to implement the technical and organizational measures as specified in Annex 2 before processing the personal data on behalf of the Controller. The Processor may amend the technical and organizational measures from time to time provided that the amended technical and organizational measures are not less protective than those set out in Annex 2. Substantial amendments to the technical and organizational measures shall be agreed upon in writing between the Parties prior to their implementation. The Processor shall document changes to the technical and organizational measures and provide the Controller with such documentation on request.

c) The Processor is obliged to make available to the Controller any information necessary to demonstrate compliance with the obligations of Processor laid down in Art. 28 GDPR and in this DPA. In particular, the Processor will provide an annual audit report based on ISO 27001 or ISAE3402 or SSAE16-SOC 1 Type 2 or ISAE3000 or SSAE16-SOC 2 Type 2 or similar audit reports created by a third party (“Audit Report”) as soon as such Audit Report becomes available to Processor.

d) The Processor shall grant Controller or an auditor commissioned by Controller the necessary access, information and inspection rights for this purpose. The Processor undertakes in particular to grant Controller or the auditor appointed by it access to the data processing facilities, files and other documents in order to enable the inspection and verification of the relevant data processing facilities, files and other documentation relating to the processing of Controller’s data. The Processor shall provide Controller or the auditor commissioned by Controller with all information necessary for the inspection. The parties agree that access to data of other Rencore clients in the context of an audit must be excluded under all circumstances. The audit right relates exclusively to technical and organisational measures regarding data processing operations concerning Controller.

e) Controller shall be entitled to enter the Processor’s business premises where “Principal Data” are processed, with reasonable advance notice during normal business hours (Mondays to Fridays from 9.00 a.m. to 5.00 p.m.) at its own expense, without disrupting the course of business and subject to strict confidentiality of the Processor’s business and trade secrets, in order to satisfy itself of compliance with the technical and organisational measures pursuant to Annex 2 to this Contract. Controller shall pay reasonable compensation for any disruptions to the Processor’s operations or for the provision of the Processor’s personnel. If the audit demonstrates that the Processor has breached any obligation under this agreement, the Processor shall immediately cure that breach and pay or reimburse Controller for all reasonable costs of the audit. Otherwise Controller shall bear its own costs of the audit.

f) The Processor is obliged to notify the Controller without undue delay

(i) about any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as by a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation; and

(ii) about any complaints and requests received directly from a data subject (e.g., regarding access, rectification, erasure, restriction of processing, data portability, objection to processing of data, automated decision-making) without responding to that request unless the Processor has been otherwise authorized by the Controller to do so.

g) The Processor is obliged to notify the Controller without undue delay about a Security Breach at the Processor or its Subprocessors after the Processor becomes aware of such a Security Breach and in this case the Processor will assist the Controller with the Controller’s obligation under applicable data protection law to inform the data subjects and the supervisory authorities, as applicable, by providing the necessary information taking into account the nature of the processing and the information available to the Processor.

h) The Processor is obliged to assist the Controller with its obligation to carry out a data protection impact assessment as may be required by Art. 35 GDPR and prior consultation as may be required by Art. 36 GDPR that relates to the Services provided by the Processor to the Controller under this DPA by means of providing the necessary and available information to the Controller.

i) The Processor is obliged – at the choice of the Controller – to delete or return to the Controller all the personal data which are processed by the Processor on behalf of the Controller under this DPA after the end of the provision of Services, and delete any existing copies unless European Union or Member State law requires the Processor to retain such personal data.

j) The Processor is obliged to provide to the Controller the respective records of processing activities according to Art. 30 (2) GDPR relating to the Services under this DPA, to the extent necessary for the Controller to comply with its obligation to maintain records of processing.

k) The Processor shall designate a data protection officer and/or a representative, to the extent required by applicable data protection law. The Processor is obliged to provide contact details of the data protection officer and/or representative, if any, to the Controller.

7 DATA SUBJECT RIGHTS

a) The Controller is primarily responsible for handling and responding to requests made by data subjects.

b) The Processor is obliged to assist the Controller with any appropriate and possible technical and organizational measures to respond to requests for exercising the data subjects’ rights which are laid down in Chapter III of the GDPR. In particular, the Processor shall assist as follows:

(i) With regard to information requests (Art. 13 and 14 GDPR) the Processor shall provide to the Controller the information as required by Art. 13 and 14 GDPR and as available at the Processor.

(ii) With regard to access requests (Art. 15 GDPR) the Processor shall provide the Controller with the information that needs to be provided to a data subject relating to such an access request and that is available at the Processor.

(iii) With regard to rectification requests (Art. 16 GDPR), erasure requests (Art. 17 GDPR), restriction of processing requests (Art. 18 GDPR), and portability requests (Art. 20 GDPR), the Processor shall either provide the Controller with the ability to rectify or, as the case may be, erase, restrict, or transmit to another third party the affected personal data or if such ability cannot be provided the Processor shall provide the necessary assistance to rectify or, as the case may be, erase, restrict, or transmit to another third party the affected personal data.

(iv) With regard to notification regarding rectification or erasure or restriction of processing (Art. 19 GDPR), the Processor shall assist with notifying any recipients of the personal data that are engaged by the Processor as Subprocessors if requested to do so by the Controller.

(v) With regard to the right to object as exercised by a data subject (Art. 21 and 22 GDPR) the Controller shall determine whether the objection is legitimate and how to address the objection. If the Controller needs the Processor’s assistance to address the objection, the Controller shall give a specification to the instructions contained in the DPA as stipulated in Section 5 b) and the Processor will provide such assistance to address the objection.

c) In addition to the assistance specified in 7 b) above, the Controller may request and require additional assistance from the Processor in order to comply with the rights exercised by the data subjects.

d) The Controller is obliged to determine whether or not a data subject has a right to exercise any such data subject rights as set out in this Section 7 and to give specifications to the Processor to what extent the assistance specified in Section 7 b) is required.

8 SUBPROCESSING

a) The Processor is granted authorisation to engage the Subprocessors listed in the table below. The Processor shall specifically inform Controller in text form of any intended changes to the table through the addition or replacement of Subprocessors at least four weeks in advance, thereby giving the Controller sufficient time to be able to object to such changes prior to the engagement of the concerned Subprocessor(s). The Processor shall provide the Controller with the information necessary to enable the Controller to exercise the right to object.

b) Where the use of a Subprocessor has been authorized/not objected to by the Controller in accordance with 8 a), the Processor shall enter into a written contract with the Subprocessor (“Subprocessing Agreement”) and such Subprocessing Agreement shall (i) impose upon the Subprocessor the same obligations as imposed by this DPA upon the Processor, to the extent applicable to the subcontracted Services, (ii) describe the subcontracted Services, and (iii) describe the technical and organizational measures the Subprocessor has to implement pursuant to Annex 2, as applicable to the subcontracted Services. The Controller has the right to request a copy of the Subprocessing Agreement.

c) Where the Subprocessor fails to fulfil its data protection obligations, the Processor shall remain fully liable to the Controller for the performance of the Subprocessor’s obligations.

d) In case a Subprocessor is located outside the EU/EEA in a country that is not recognized as providing an adequate level of data protection or transfers data to such a country, the Processor will enter into a direct data processing agreement based on the EU Standard Contractual Clauses as provided by the EU Commission Implementing Decision (EU) 2021/914 of June 2021 (Module 3 – Processor to Processor).

9 LIMITATION ON LIABILITY

Each party is responsible for discharging the obligations incumbent on them in this Data Processing Agreement and under applicable data protection law.

10 EXEMPTION FROM LIABILITY

The Processor exempts the legal entity (“Controller”) and its executive and supervisory board members, employees, legal successors and representatives from all claims, damages, losses, costs, fines and other expenses (including, in particular, reasonable attorney fees and legal costs) arising from, or as a consequence of, a claim, demand, lawsuit, court order, or other proceedings brought by third parties (including a regulatory body) as a result of, or in connection with, an infringement by the Processor of its obligations under this Data Processing Agreement.

11 TERM AND TERMINATION

The term of this DPA is identical with the term of the main contract. Save as otherwise agreed herein, termination rights and requirements shall be the same as set forth in the main contract. If the Processor is active in connection with several contracts / orders this DPA ends with the end of the last contract / order by the Processor for the Controller.

12 MISCELLANEOUS

a) The Parties are required to comply with those obligations under the GDPR and under any other applicable data protection laws that apply, as applicable, to the Controller in its role as data controller or to the Processor in its role as data processor.

b) If and to the extent necessary to comply with mandatory provisions regarding the commissioning and performance of the Parties under the laws applicable to the Parties, each Party may require any necessary changes (including amendments) to the provisions of this DPA and its annexes.

c) This DPA shall be governed by the same law as the main contract except as otherwise stipulated by applicable data protection law. The place of jurisdiction for all disputes regarding this DPA shall be as determined by the main contract except as otherwise stipulated by applicable data protection law.

d) In the event of inconsistencies between the provisions of this DPA and any other agreements between the Parties, the provisions of this DPA shall prevail with regard to the Parties’ data protection obligations. In case of doubt as to whether clauses in such other agreements relate to the Parties’ data protection obligations, this DPA shall prevail.

e) Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision s

Annex 1

1 CATEGORIES OF DATA SUBJECTS

The personal data processed concern the following categories of data subjects:

Users of Rencore Governance, including those using services provided by subprocessors
Users in Microsoft 365
Data subjects referenced in metadata that is processed within scans of M365 tenant

Data processing by subprocessors is referred to in the table in section 8 of the main Data Processing Agreement.

2 SUBJECT-MATTER OF THE PROCESSING

Rencore Governance stores the following data:

2.1 User context

End-users of the Rencore Governance service:

Usernames
User ID
Email addresses

2.2 Service context

Data that is collected from Microsoft 365 by connecting the service to the Controller’s tenant

URLs
Titles
Metadata of objects

from collected data (e.g. Site Collections, Sites, Lists, Teams).

All collected data / logs are encrypted using built-in Azure encryption.

More details about the software architecture and processing (including data processed) can be found at:

In case any data should not be scanned it is possible to enable/disable specific services (e.g. Azure AD auditing)

Data processing by subprocessors is referred to in the table in section 8 of the main Data Processing Agreement.

2.3 Nature and purpose of the processing

The aforementioned personal data is processed by Rencore Governance in the course of providing the Software-as-a-Service, as detailed in the product description for Rencore Governance, as well as for the purposes of providing support

for these services, billing for these services, assessing product usage, and providing a satisfactory user experience in the form of user guides and user feedback options (please refer to the list of Sub-processors under section 8 of the main DPA for further information). Rencore Governance and Rencore as a company have no direct control over the user work behaviour and do not process any personal data independent of processes commenced by the Customer (e.g. using the tool, requesting support for the tool, etc.) So that Rencore can contact users based on integrated and configured violation rules, the personal data of the affected users (names and email addresses) are stored. No other processing activity takes place within Rencore Governance.

The Customer can request the deletion of data at any time (with exceptions where continued processing is necessary for the maintenance of the contract between the Customer and Rencore or for other legal reasons, e.g. billing data). The Customer can delete data within their Rencore Governance instance at any time, including in preparation for terminating the services. Workspaces are deleted 30 days after they have been set for deletion, in order to allow for recovery of accidentally deleted workspaces within those 30 days.

2.4 Categories of personal data

The personal data processed by Processor on behalf of Controller concern the following categories of personal data: https://docs.rencore.com/governance/technical-documentation/security-and-privacy/data/personally-identifiable-information

2.5 Special categories of data

No special categories of data in accordance with Art. 9 GDPR are processed within Rencore Governance.

Annex 2

Description of the technical and organizational measures implemented by Processor in accordance with applicable data protection law:

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement the following technical and organizational measures to ensure a level of security appropriate to the risks for the rights and freedoms of natural persons. In assessing the appropriate level of security the Controller and the Processor took account in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.

An overview of security at Rencore, generated from Rencore’s compliance tool, can be found here: https://url.rencore.com/securityreport; a copy of Rencore’s standardized CAIQ security questionnaire and of Rencore’s latest SOC 2 Type 2 report can be requested from the Controller’s customer success/sales representative.

1 PSEUDONYMIZATION

The following measures shall be implemented to address the pseudonymization of the personal data:

In order to achieve the purposes of the commissioned data processing it is not possible to pseudonymize the personal data at this moment.

2 ENCRYPTION

The following measures shall be implemented to address the encryption of the personal data:

In Rencore Governance, all information is encrypted. Azure Storage Accounts have built-in support for encryption at rest, and in-transit. In addition to this, Rencore adds another layer of cryptographic AES 256-bit industry-standard encryption around the data before it is transmitted to storage. All transmissions from the application to the end-user are SSL encrypted. Read more about this in Rencore’s documentation: https://docs.rencore.com/governance/technical-documentation/security-and-privacy/is-rencore-governance-secure

3 CONFIDENTIALITY OF PROCESSING SYSTEMS AND OF THE SERVICES

The following measures shall be implemented to address the confidentiality of the processing systems and of the services:

Only authorized personnel have access to production systems where personal data exist or are processed.

4 INTEGRITY OF THE PROCESSING SYSTEMS AND OF THE SERVICES

The following measures shall be implemented to address the integrity of the processing systems and of the services:

Audit logs are kept for Rencore systems, including regarding access to processing and cloud environments.
Only authorized personnel at Rencore can access the audit logs.

5 AVAILABILITY OF PROCESSING SYSTEMS AND OF THE SERVICES

The following measures shall be implemented to address the availability of the processing systems and of the services:

Rencore Governance performs regular backups of all configuration data.
Rencore complies with GDPR, and processes personal data accordingly.

6 RESILIENCY OF THE PROCESSING SYSTEMS AND OF THE SERVICES

The following measures shall be implemented to address the resiliency of the processing systems and of the services:

Rencore Governance is designed and architected from Microsoft best practices for distributed cloud solutions. The system scales up as high demand arises, and all applications are running multiple instances to distribute and load balance the incoming requests.

7 ABILITY TO RESTORE THE AVAILABILITY AND ACCESS TO THE PERSONAL DATA IN A TIMELY MANNER IN THE EVENT OF PHYSICAL OR TECHNICAL INCIDENT

The following measures shall be implemented to address the ability to restore the availability and access to the personal data in a timely manner in the event of a physical or technical incident:

Rencore adheres to its Backup Policy regarding data backups.
Rencore Governance has regular backups of configurations, and the infrastructure can be replicated in the same, or new regions, in case of a technical incident.

Note that Rencore Governance operates in Microsoft Azure, and as such, is dependent on services from Microsoft Azure. If an incident is because of service degradation with Microsoft Azure, Rencore may be impacted by this during technical incidents.

8 PROCESS FOR REGULARLY TESTING, ASSESSING AND EVALUATING THE EFFECTIVENESS OF TECHNICAL AND ORGANIZATIONAL MEASURES

The following measures shall be implemented to address the regularly testing, assessing and evaluating of the effectiveness of technical and organizational measures:

Rencore has implemented organizational policies to meet the SOC2 compliance standard, which will assist Rencore toward undergoing further regulatory audits. A SOC2 audit mandates that Rencore has valid security policies, risk assessments, annual reviews, external audits, and more. A SOC 2 Type 2 report is available on request.

9 ENSURING THE CONFIDENTIALITY OF PROCESSING SYSTEMS AND THE PROCESSOR’S SERVICES

The Processor adopts the following security measures to ensure the confidentiality of processing systems and the services it performs:

All systems are configured according to security best practices.
Rencore adheres to its own Data Classification Policy to ensure that confidential data is handled appropriately.

10 INTEGRITY OF PROCESSING SYSTEMS AND THE PROCESSOR’S SERVICES

The Processor adopts the following security measures to ensure the integrity of processing systems and the services it performs:

All systems are configured according to security best practices.

11 AVAILABILITY OF PROCESSING SYSTEMS AND THE PROCESSOR’S SERVICES

The Processor adopts the following security measures to ensure the availability of processing systems and the services it performs:

All systems are configured to be available during high load.

12 RESILIENCE OF PROCESSING SYSTEMS AND THE PROCESSOR’S SERVICES

The Processor adopts the following security measures to ensure the resilience of processing systems and the services it performs:

All systems are built cloud-native as resilient applications, and adopt security best practices.

v2.3 (05/2023)

Cookie	Duration	Description
cf_use_ob	past	Cloudflare sets this cookie to improve page load times and to disallow any security restrictions based on the visitor's IP address.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

Cookie	Duration	Description
ai_session	30 minutes	This is a unique anonymous session identifier cookie set by Microsoft Application Insights software to gather statistical usage and telemetry data for apps built on the Azure cloud platform.
ai_user	1 year	A unique user identifier cookie, set by Microsoft Application Insights software, that enables counting of the number of users accessing the application over time.
AnalyticsSyncHistory	1 month	No description
browser_id	5 years	This cookie is used for identifying the visitor browser on re-visit to the website.
CLID	1 year	Clarity (MS)
CONSENT	16 years 2 months 24 days 16 hours	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
MicrosoftApplicationsTelemetryDeviceId	1 year	Microsoft sets this cookie to install a unique device ID that is used to track how users behave and interact with the Microsoft application on the device.
MS0	30 minutes	This cookie is set by Microsoft to identify a particular session.
MSFPC	1 year	This cookie is set by Microsoft to recognize unique web browsers that visit Microsoft sites. It is used for advertising, site analytics, and other operational purposes.
original_req_url	past	No description
Rencore Analytics	never	Analytics
visitorId	1 year	ZoomInfo sets this cookie to identify a user.
_cfuvid	session	No description
_clck	1 year	Clarity (MS)
_clsk	1 day	Microsoft Clarity - Analytics
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-77273030-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_ga_Z5LR216TRD	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_uetsid	1 day	This cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
__hstc	1 year 24 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and also verify the clicks from ads on the Bing search engine. The cookie helps in reporting and personalization as well.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
li_gc	2 years	No description
li_sugr	3 months	LinkedIn InsightTag
muc_ads	2 years	Twitter set this cookie to collect visitor navigation data to optimise ad relevance.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
SRM_B	1 year 24 days	Microsoft Bing Ads
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_uetvid	1 year 24 days	Bing Ads

Microsoft Defender –

Strategy & Information Security

Microsoft Defender –

Strategy & Information Security

Microsoft Defender –

Strategy & Information Security

Microsoft 365 Governance made easy!

Rencore Governance
Data Processing Agreement

Annex 1

Annex 2

Microsoft Defender –

Strategy & Information Security

Microsoft Defender –

Strategy & Information Security

Microsoft 365 Governance made easy!

Rencore Governance Data Processing Agreement

Annex 1

Annex 2

Rencore Governance
Data Processing Agreement