Privacy Policy

Last updated: 25th July 2023 | Revision 9

Ideagen is committed to ensuring that any personal data entrusted to Ideagen, whether as a processor or controller, is collected, used, held or otherwise processed is in compliance with the UK GDPR as well as US regulations (such as the CPRA, CCPA), the Privacy Act 1988 (Cth) for Australia or any other privacy regulation applicable in the country of residence of the data subject.  This is achieved by utilising the appropriate technical and organisational controls and measures.

1. Who is this Privacy Policy for?

This privacy policy is for anyone who interacts with us in any way which involves the processing of personal data, including any of the following;

• When accessing and using any Ideagen website or any application
• When using our services as an authorised user where we act as a controller or processor of personal data
• When working for, or acting on behalf of, an Ideagen supplier or provider when Ideagen acts as the controller or processor of personal data
• When communicating or corresponding with us (including but not limited to emails, phone calls, texts or faxes).

It does not extend to any websites or third-party links that can be accessed from the Ideagen website or application including, but not limited to, any links we may provide to social media websites.

 

2. What is this Privacy Policy about?

This privacy policy explains what personal data we collect from you, how and why we collect it, how we use it and who we share it with.  It explains your rights and entitlements and our position as either data controller or data processor of your data.  This all depends on how you interact with us which will be explained below.

 

3. Who is the controller or processor of your data?

We will act as the data controller where we make decisions on how your personal data is used in connection with the website or our applications or services. We will act as the data processor where we only use your personal data as authorised and instructed by a third party in connection with the website, or our applications or services.

Where we are acting as the data controller, we are responsible for the obligations of a data controller under Data Protection Law in connection with the processing of your personal data and we use this privacy policy to provide you with information about our use of your personal data.

Where we are acting as a data processor, the relevant third party will be acting as data controller and will be responsible for the obligations of a data controller under Data Protection Law in connection with the processing of your personal data. If you are accessing the website, or our application or services through a third party, you should contact them with queries regarding the processing of your personal data or compliance with Data Protection Law.

 

4. How can you contact us?

Ideagen is a limited company incorporated in England and Wales (company number 02805019) and having its registered address at One Mere Way, Ruddington, Nottingham, England, NG11 6JS.

Any comments, complaints or questions regarding our Privacy Policy may be addressed to dataprotection@ideagen.com or alternatively you can call us toll free (for US residents) on +1 888 882 2082.

 

5. How do we collect your personal data?

Your personal data is collected directly from you when using the website, or our applications or services.  This will be from you providing identifiable information directly, such as by filling in a form or web enquiry, by providing documents  which contain your personal data, or through telephone conversations or email exchanges which may contain your personal data.  Your web browser or email client may share data with us.  This is covered in our cookie notice (more on this below).

 

6. What personal data do we collect from you?

The following personal data may be collected from you through your use of the website or our applications or services;

• Contact information, such as first and last names, job title, email address and telephone number;
• Financial information, such as bank account and payment card details where you are transacting with Ideagen;
• Device and browser information, such as network and connection information (including Internet Service Provider and Internet Protocol (IP) addresses), device and browser identifiers and information (including device, application or browser type, version, plug-in type and version, operating system, user agent, language and time zone settings and other technical information), advertising identifiers, cookie identifiers and information and similar data;
• Account information, such as security-related information (including usernames, passwords and authentication methods);
• Usage information and browsing history, such as usage metrics, log files, content interactions and user journey history (including age navigations, a list of URLs starting with a referring site, timestamps, content viewed or searched for and other data relating to your activity on the website and the site you exit to);
• Organisational information, such as your employer or organisations of which you are a member, location, your status within an organisation, and similar data; and
• Any additional applicable information you, your employer or other organisation wishes to disclose.

 

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as it will not directly or indirectly reveal your identity. For example, we may aggregate your usage information to calculate the percentage of users accessing a specific website or application feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We may collect personal data either through direct or automated interactions.  We may also collect information about you from other sources which we may combine with personal data provided by you to help us update, expand and analyse our records and identify new customers. The personal data we collect from other sources includes identifiers, professional or employment-related information and may be obtained from third parties or public sources including (but not limited to) analytics providers, search information providers, social media profiles such as LinkedIn or from other individuals at your organization for one or more of the purposes as set out within this privacy policy

 

7. How do we use your personal data?

Any and all of the above personal data may be required by us from time to time in order for us to interact with you and to provide you with the best possible service and experience when using our website, application and/or services. We will always process your personal data for one or more of the following lawful bases:

• Performance of a Contract – where processing your personal data is necessary for the performance of a contract, including a contract entered into (or about to be entered into) by your employer or an organisation of which you are a member.
• Legitimate Interests – where processing your personal data is necessary for the legitimate interests of Ideagen or a third party, except where these interests are overridden by your fundamental rights and freedoms.
• Compliance with Law – where processing your personal data is necessary for us to comply with a legal obligation.
• Your Consent – where you have given us your informed consent to process your personal data for a designated purpose, such as to provide you with relevant promotional materials. Such consent can be withdrawn at any time by providing us with your written request to withdraw.

 

Specifically, your personal data may be used by us for the following reasons:

Use	Legal Basis
To provide, administer and analyse our Services	Performance of a Contract
For internal research and development for new content, products, and services, and to improve, test, and enhance the features and functions of our current Services. To use data analytics to improve our website, applications, services, marketing, customer relationships and experiences.	Legitimate interest
For internal record keeping	Performance of a Contract Legitimate interest
To detect and prevent fraud and abuse to ensure the security and protection of all customers and others, as well as to identify and authenticate your access to the applications and our services or to identify and authenticate you before we provide you with certain information	Legitimate interest
As part of ‘Ideagen Community’ (using Gainsight inSided) open forum for Ideagen customers and wider, to collaborate, discuss and provide user insight into Ideagen and its products.	Consent Legitimate interest
For cross-sell marketing activities to existing Ideagen customers of Ideagen’s wider product suite.  These may have been identified as relevant or applicable from previous purchases and/or interactions with Ideagen	Legitimate interest
To email promotional materials that may be of interest to you	Consent
To contact you for market research purposes which may be done using email, telephone, fax, or mail	Consent
To comply with your instructions or to fulfil other specific purposes for which you have given your consent	Consent
To comply with the law and our legal obligations, including to respond to a request or order from a court, regulator, or authority, as well as to fulfil our contractual obligations with our customers when they arrange access to our services for you	Compliance with Law Performance of a Contract
To exercise Ideagen’s legal rights, including to take action against those in breach of the terms and conditions applicable to our products and services	Compliance with Law Performance of a Contract
To effect the sale, merger, acquisition or other transfer of control of all or part of Ideagen or its business	Legitimate Interest

 

Unless we are obliged or permitted by law to do so, and subject to Clause 11 (see below), your personal data will not be disclosed to any third parties.

We take reasonable measures to ensure all information provided is managed securely. Access to the information you provide will be restricted to only those who have the relevant authority and is stored securely in accordance with the requirements under Data Protection Law.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use if for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with Data Protection Law, where this is required or permitted by law.

 

8. Where do we keep your data?

Your data may be kept in a number of locations depending on how you interact with us, including but not limited to the following;

• Amazon AWS
• Microsoft Azure
• Google Cloud
• Fresh Success
• Zendesk
• Salesforce
• Pardot
• Hubspot
• Cognism
• Netsuite
• Tipalti
• LinkSquares
• Plandek
• Gainsight
• Gainsight (inSided) – Ideagen Community
• ON24
• HR Software
• Learning and development products

 

If you are resident in the UK or EU your data will reside and be processed in a UK or EU data hosting instance.  For US residents your data will predominantly reside and be processed in the US.  For any non-UK, EU or US residents your data may reside and be processed in other geographical locations including Australia and Asia.

 

Where your data is to be processed in other locations this should be addressed in any MSSA, contract or data processing agreement for Ideagen customers.

 

9. How do we control and secure your personal data?

We employ technical and organisational measures to protect your data.  We are certified to the ISO 27001 standard which is an international standard for Information Security.  Certification requires an extensive suite of policies to be maintained covering information security standards and practices.  In addition to these policies Ideagen has a comprehensive approach with measures and controls in place to ensure personal data are secure.  These include (but are not limited to) staff training, internal working groups, continuous monitoring and improvement, relevant background checks (where required), physical measures at our office locations, data segregation within our environments and network access controls.

In accordance with the data subject’s rights under Data Protection Law, in certain circumstances where you are required to submit personal data, you will have to positively opt-in and will also be given options to restrict our use of your personal data. This may include the following:

• Use of personal data for direct marketing purposes; and
• Sharing personal data with third parties (subject to Clause 11).

 

10. Your rights in relation to your personal data

Under data protection law you have the following rights (these are not all absolute rights such as the right to be forgotten);

 

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure (also known as the right to be forgotten)
• Right to restriction of processing
• Right to object to processing
• Right to data portability
• Right not to be subject to automated decision making

 

In order to review any request in line with your rights it may be necessary to verify the identity of the person exercising their rights.  There is no charge for exercising your rights.  If you make a request you will receive a response within one month of making the request.  Should you wish to exercise any of these rights, please contact dataprotection@Ideagen.com.

 

In addition to the above rights you have the right to make a complaint.  If you have any concerns about our use of your personal information you can make a complaint to us at dataprotection@ideagen.com

 

You also have the right to complain to the ICO for any matters involving how your data may have been processed by us.  The contact details are set out below ;

 

ICO address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: www.ico.org.uk

 

Ideagen will provide full support to any user of an Ideagen product wishing to exercise their rights as set out in this Privacy Policy.  Upon receiving any such request, Ideagen may refer you to your employer/subscription holder where they are best situated to fulfil your request. 

You are also free to contact your employer/subscription holder directly in the event that you wish to exercise your rights under this Privacy Policy.

 

11. Do we use third party websites and services?

We may employ the services of other parties for dealing with matters that may include payment processing, delivery of purchased items, search engine facilities, customer support, advertising and marketing, website and data hosting and data analytics. We may provide the providers of such services with access to certain personal data provided by Users of the Website, Application or our Services.

Such personal data will, however, only be provided to such parties in accordance with this privacy policy and only to the extent required by them to perform the services that we request . 

 

12. What about links to other websites?

The website or application may provide links to third party websites, applications, products, software, services, or content. Clicking on any links or enabling any third-party plug-ins and applications may allow third parties to collect or share data about you. We have no control over such third parties and are in no way responsible for the content thereof. This privacy policy does not extend to your use of such third-party resources. Users are advised to read the relevant third party’s privacy policy or statement prior to using such resources.

 

13. What would happen if there are changes to the business ownership and control?

Our business is a growing one which means we are expanding.  As part of this growth it may also involve changes. As we expand and change our business this may involve the sale, merger, acquisition and/or the transfer of control of all or part of Ideagen or our business (including as the result of corporate re-structuring). Personal data provided by users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the personal data for the purposes for which it was originally supplied to us.

 

14. What about cookies?

As mentioned above,  Certain first party cookies may be placed and accessed on your device where we have consent on your behalf to this Privacy Policy and/or our Cookie Notice.  This type of cookie is directly placed by Ideagen via the website or application and only used by us.

You may receive certain third-party Cookies on your device. This type of cookie is placed by websites and/or parties other than Ideagen. Third-party cookies include (but are not limited to) tools used to collect and analyse usage statistics, such as Google Analytics 

We use Cookies to improve your experience of using the website or our applications and to improve our range of products and services. We have carefully chosen these Cookies and taken steps to ensure that your privacy is protected and always respected.

We use the following types of Cookies:

 

• Essential Cookies - these are cookies that are required or essential for the operation or function of our website, applications or services. They include, for example, Cookies that enable you to log into and use secure parts of the website, our applications or services.
• Analytical or performance Cookies - these allow us to recognise and track a users’ usage of the website, our applications or services. This allows us to improve the way the website, our applications or services work and/or are provided.
• Functionality Cookies
• Targeting Cookies

 

You can find more information about, including a full list of, the individual first- and third-party Cookies we use, the purposes for which we use them, which services and/or applications contain them and the name of any third party Cookie providers  .

All Cookies used by the website, our applications or services are used in accordance with current UK and EU Cookie Law.  

We use a Cookie Notice to obtain consent before any Cookies are placed on your computer in relation to your use of our website. By giving consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you.

You may, if you wish, deny consent to the placing of Cookies; however certain features of the website, our applications or services may not function fully or as intended. You cannot opt out of Essential Cookies where they are required to operate the website. Similarly, there is no option to opt out of any Cookies necessary for the operation of our applications or services.

You may restrict or block the use of Cookies, including Strictly necessary Cookies, by changing your internet browser’s settings as detailed below. However, if you restrict or block any Strictly necessary Cookies you will be unable to access or use any part (including any features) of the website, our applications or services which depend on those Strictly necessary Cookies to function.

You can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party cookies. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser.

You can choose to delete Cookies at any time; however, you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.

It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.

Cookies can also be disabled on your device by reviewing your browser settings.

 

15. Do you make any International Transfers of my personal data?

We may transfer personal data that we collect from you to other companies within the Ideagen group which are outside of the European Economic Area. In these cases, we ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data.

We may also transfer personal data that we collect from you to third party data processors located in countries that are outside of the European Economic Area. In these circumstances, we will always take measures to ensure we have adequate legal safeguards in place. For example, we have entered into written agreements with all relevant third-party processors that ensure your data receives the same protection as if it were being processed inside the European Economic Area.

A list of the third parties with whom we may share your personal data for the purposes set out in clause 7 above, can be provided upon request.

 

16. How long do we keep Personal Data?

Any personal data you submit will be retained by us for no longer than is necessary to fulfil the stated/contractual purposes, or as reasonably necessary for us to retain such information to provide you with the services which you have requested or for Ideagen to comply with laws and regulations (including satisfying any legal, regulatory, tax, accounting or reporting requirements). After the retention period is over, Ideagen securely disposes or anonymises your personal information to prevent loss, theft, misuse, or unauthorised access. If you withdraw your consent or request removal of your personal data, such data will be destroyed, but in doing so, you acknowledge that our ability to provide you with access to our website, application and services may be adversely affected. You can withdraw your consent or request removal of your personal data by contacting dataprotection@ideagen.com.

 

17. Changes to this Privacy Policy

We reserve the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be posted promptly on the website and the application and you are deemed to have accepted the terms of this privacy policy on your first use of the website or application following any alterations.

 

Can we apply a general consent to sub-processors or do we require specific consent for individual sub-processors of the website

 

Do we use session based AND persistent cookies?

 

Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device. Persistent cookies remain.

 

Check position on performance of contract and cookies when b2b

 

Insert link to Cookie web-page. REMEMBER – because we will be updating this we need to make sure that the link in any Cookie Notice also gets updated to the correct web-page so that whenever new consent is granted Users know what they are consenting to.

 

As it stands, there are no overarching/nationwide laws in the US like the GDPR which governs data protection/cookie usage.   As a nation, we lag behind when it comes to data protection law. The only relevant US legislation is the CCPA (California Consumer Privacy Act), which is statewide and applies only to entities conducting business in California, and that state's consumers.

 

The CCPA is similar to the GDPR, but far less rigorous.  Put quickly, GDPR requires user's prior consent whereas CCPA requires businesses to give its users the ability to "opt out" of information collection processes.

 

Regarding cookie compliance w/ the CCPA, entities are required to acknowledge:  (1) if the data you get from cookies is sold/shared w/ 3rd parties; (2) that consumers have the right to opt out from non-essential cookies.

 

I take the position that because this policy was drafted in accordance with GDPR, the standards of which are far more rigorous than any in the US (including the CCPA), I believe the policy is fit for US purposes.