Privacy Policy

Last updated: 30th April 2025 | Revision 11

ldeagen is committed to ensuring that any personal data entrusted to ldeagen, whether as a processor or controller, that is collected, used, held or otherwise processed is in compliance with the UK GDPR, GDPR as well as various US federal regulations (such as HIPAA) and state regulations (such as the CPRA, CCPA, VCDPA), the Privacy Act 1988 (Cth) for Australia, Privacy Act 2020 for New Zealand, or any other privacy regulation applicable in the country of residence of the data subject. This is achieved by utilising the appropriate technical and organisational controls and measures.

ldeagen (including all subsidiaries within the U.S. listed below) has self-certified under the EU-U.S. Data Protection Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland, to the United States. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension, or the Swiss-U.S. DPF, then the Principles shall govern.

More details can be located here;

https://www.dataprivacyframework.gov

The ldeagen subsidiaries that adhere to the DPF framework are listed below:

Advanced Digital Systems Inc. (Mi-Co), CompliancePath LLC, Covalent Software Inc, DevonWay, Inc., Heat Parent Inc. (ProcessMAP), Heat Purchaser LLC (ProcessMAP), Huddle Inc, ldeagen Inc, ldeagen Software Inc, lnspectionXpert Corp, Ives Group Inc. (Audit Analytics), Medforce Technologies Inc., Ocean Cloud Software Inc, ProcessMAP Corporation, ProcessMAP Holdings Corporation, Qualtrax Inc., Triton Software Corporation

 

1. Who is this Privacy Policy for?

This Privacy Policy applies to anyone interacting with ldeagen or any affiliated companies, including users of our products, websites, applications, or services, where personal data is processed.

This includes

• Users accessing or using ldeagen websites or applications
• Users of our services where we act as a controller or processor of personal data
• Employees or representatives of ldeagen vendors, suppliers, or partners
• Anyone communicating with ldeagen (via email, phone, chat, or otherwise)

This Privacy Policy does not extend to third-party websites, applications, or social media platforms accessible via our services. Please refer to their respective privacy policies.

 

2. What is this Privacy Policy about?

This policy explains what personal data we collect from you, how and why we collect it, how we use it and who we share it with. It outlines your rights and ldeagen's position as either data controller or data processor of your data. This is dependent on how you interact with us.

 

3. Who is the controller or processor of your data?

ldeagen acts as the data controller when we decide how and why your personal data is processed. This is when you use our websites, applications, or services.

If we are the controller, we are responsible for compliance with data protection law. If a third-party is the controller, they are responsible.

When we act as the data processor we will only use your personal data as authorised and instructed by a contracted entity or a third-party (the data controller) in connection with the website, or our applications or services. For any concerns relating to the processing of your data we refer you to the relevant controller.

 

4. How can you contact us?

ldeagen is a limited company incorporated in England and Wales (company number 02805019) and having its registered address at One Mere Way, Ruddington, Nottingham, England, NGll 6JS.

ldeagen has appointed a Data Protection Officer (DPO) and a dedicated privacy team to oversee our privacy program, ensuring compliance with applicable laws and the integration of best practices across the organisation.

Any comments, complaints or questions regarding this policy may be addressed to dataprotection or alternatively you can call us toll free (for US residents) on +1 888 882 2082.

Further information regarding office locations with contact details can be found on our website;

https://www.ideagen.com/company/contact-us

5. How do we collect your personal data?

We collect personal data from you:

• Directly (e.g., via forms, chat bot 'Genny', web enquiries, documents, phone, or email).
• Your devices and browsers (see Cookie Notice).
• Third parties, such as data providers (e.g., Zoomlnfo, Cognism) for sales and business development.
• For some of our products (e.g., workforce management), we may collect personal information from the employer of the data subject, who is also the data controller.

We recommend reviewing the privacy policies of third-party data providers.

 

6. What personal data do we collect from you?

The following personal data may be collected from you depending on your interaction with us;

• Contact information, such as first and last names, job title, email address and telephone number;
• Financial information, such as payment details;
• Device and browser information, such as network and connection information (including Internet Service Provider and Internet Protocol (IP) addresses), device and browser identifiers and information (including device, application or browser type, version, plug-in type and version, operating system, user agent, language and time zone settings and other technical information), advertising identifiers, cookie identifiers and information and similar data;
• Account information, such as usernames, passwords and authentication methods;
• Usage information and browsing history, such as usage metrics, log files, content interactions and user journey history;
• Organisational information, such as your employer, your role, affiliations, and location; and
• Any other information you, your employer or other organisation wishes to disclose.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as it will not directly or indirectly reveal your identity. For example, we may aggregate your usage information to calculate the percentage of users accessing a specific website or application feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We may also collect aggregated, anonymised data for analytics. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Data may be collected directly, automatically, or from external sources such as public websites (e.g., Linkedln).

Our services are designed for a general audience and are not specifically targeted at children. We are committed to safeguarding the privacy of young individuals. We do not knowingly collect, use, or disclose information from children under the age of 13, or the applicable age limit in other jurisdictions where we operate or have data subjects. Should we become aware that we have inadvertently received personal information from a child below the age threshold as defined by relevant local laws, we will take immediate steps to delete such information from our records. If you believe we might have any information from or about a child below the applicable age limit, please contact us so we can ensure any such information is removed promptly.

 

7. How do we use your personal data?

We will process your personal data for one or more of the following lawful bases:

• Performance of a Contract - where processing your personal data is necessary for the performance of a contract, including a contract entered into (or about to be entered into) by your employer or an organisation of which you are a member.
• Legitimate Interests - where processing your personal data is necessary for the legitimate interests of ldeagen or a third party, except where these interests are overridden by your fundamental rights and freedoms.
• Compliance with Law - where processing your personal data is necessary for us to comply with a legal obligation.
• Your Consent - where you have given us your informed consent to process your personal data for a designated purpose, such as to provide you with relevant promotional materials. Such consent can be withdrawn at any time by providing us with your written request to withdraw.

 

Specifically, your personal data may be used by us for the following reasons:

Use	Legal Basis
To provide the contracted services for which you have engaged ldeagen.This may be one of our products or other service offerings such as professional services, validation services or carbon accounting services.	Performance of a Contract
To provide, administer and analyse our Services which includes sending operational emails and communications to gain insight into our user experience to enhance product functionality.	Performance of a Contract
To provide Al services within our product environments where deployed and procured by our customers. The default position is that no personal data will be utilised in any Al functionality. The exception to this requires the customer to be given constructive notice and provide their subsequent express consent for such use.	Consent
For internal research and development for new content, products, and services, and to improve, test, and enhance the features and functions of our current Services. To use data analytics to improve our website, applications, services, marketing, customer relationships and experiences.	Legitimate interest
For internal record keeping	Performance of a Contract Legitimate interest
To detect and prevent fraud and abuse to ensure the security and protection of all customers and others, as well as to identify and authenticate your access to the applications and our services or to identify and authenticate you before we provide you with certain information	Legitimate interest
As part of 'ldeagen Community' (using Gainsight inSided) open forum for ldeagen customers and wider, to collaborate, discuss and provide user insight into ldeagen and its products.	Consent Legitimate interest
For cross-sell marketing activities to existing ldeagen customers of ldeagen's wider product suite. These may have been identified as relevant or applicable from previous purchases and/or interactions with ldeagen	Legitimate interest
To email promotional materials that may be of interest to you	Consent
To contact you for market research purposes which may be done using email, telephone, fax, or mail	Consent
To comply with your instructions or to fulfil other specific purposes for which you have given your consent	Consent
To comply with the law and our legal obligations, including to respond to a request or order from a court, regulator, or authority, as well as to fulfil our contractual obligations with our customers when they arrange access to our services for you	Compliance with Law Performance of a Contract
To exercise ldeagen's legal rights, including to take action against those in breach of the terms and conditions applicable to our products and services	Compliance with Law Performance of a Contract
To effect the sale, merger, acquisition or other transfer of control of all or part of ldeagen or its business	Legitimate Interest

 

We will only use your personal data for the purposes for which it was collected. We do not process or share your personal data unless required by law or with your consent.

 

8. Do we sell or share your personal data?

We will never sell or share your data to external parties for marketing or other purposes not related to the performance of your duties.

9. Where do we keep your data?

Data may be hosted in systems including (but not limited to):

 

• Cloud service providers
• Customer relationship management (CRM) platforms
• Enterprise resource planning (ERP) systems
• Marketing automation tools
• Various business applications (e.g., learning platforms, billing/subscription services, HR software)

 

For EU/UK residents, data is hosted in the EU/UK. For U.S. residents, it is primarily hosted in the U.S. Other geographies may apply for non-EU/UK/US users.

Please refer to our Schedule of Sub-processors for full details.

 

10. How do we control and secure your personal data?

We employ technical and organisational measures to protect your data. We are certified to the ISO 27001:2022 standard which is an international standard for Information Security. Certification requires an extensive suite of policies to be maintained covering information security standards and practices. In addition to these policies ldeagen has a comprehensive approach with measures and controls are in place to ensure personal data are secure. These include (but are not limited to) staff training, internal working groups, continuous monitoring and improvement, relevant background checks (where required), physical measures at our office locations, data segregation within our environments and network access controls. Where required, we offer opt-in and opt-out options for data use in marketing and data sharing.

 

11. Your rights in relation to your personal data

Under data protection law you have the following rights (these are not all absolute rights such as the right to be forgotten);

 

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure (also known as the right to be forgotten)
• Right to restriction of processing
• Right to object to processing
• Right to data portability
• Right not to be subject to automated decision making
• Right to opt out of sale of personal data (CCPA)
• Right to opt in for sensitive data processing (CCPA)
• Right to non-discrimination for exercising privacy rights

 

In order to review any request in line with your rights it may be necessary to verify the identity of the person exercising their rights.  There is no charge for exercising your rights.  If you make a request you will receive a response within one month of making the request.  Should you wish to exercise any of these rights, please contact dataprotection@Ideagen.com.

 

In addition to the above rights you have the right to make a complaint.  If you have any concerns about our use of your personal information you can make a complaint to us at dataprotection@ideagen.com.

 

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ldeagen commits to cooperate and comply with the advice of the EU Data Protection Authorities, UK Information Commissioner's Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

 

You have the right to complain to the ICO for any matters involving how your data may have been processed by us. The contact details are set out below;

ICO address:             Information Commissioner’s Office

                                    Wycliffe House

                                    Water Lane

                                    Wilmslow

                                    Cheshire

                                    SK9 5AF

Helpline number: 0303 123 1113

ICO website: www.ico.org.uk

 

ldeagen will provide full support to any user of an ldeagen product wishing to exercise their rights as set out in this Privacy Policy. Upon receiving any such request, ldeagen may refer you to your employer/ subscription holder where they are best situated to fulfil your request.

You are also free to contact your employer/ subscription holder directly in the event that you wish to exercise your rights under this Privacy Policy. In addition to the above and in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ldeagen commits to cooperate with any additional supervisory authority established by the EU data protection authorities (DPAs) and the UK Information Commissioner's Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

The Federal Trade Commission has jurisdiction over ldeagen's compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). As a last resort and under limited conditions, UK, EU and Swiss individuals with residual complaints may invoke a binding arbitration option before the Data Privacy Framework Panel.

 

11. Do we use third party websites and services?

We may employ the services of other parties for dealing with matters that may include functions such as:

 

• Payment processing
• Hosting and analytics
• Marketing
• Customer Support

 

Such personal data will, however, only be provided to such parties in accordance with this privacy policy and only to the extent required by them to perform the services that we request. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ldeagen shall remain liable under the DPF Principles if its agents process such personal information in a manner inconsistent with the DPF Principles, unless ldeagen proves that it is not responsible for the event giving rise to the damage. All circumstances where such a transfer takes place shall be covered by the appropriate data protection addendum or Standard Contractual Clauses (SCCs).

 

12. What about links to other websites?

The website or application may provide links to third party websites, applications, products, software, services, or content. Clicking on any links or enabling any third-party plug-ins and applications may allow third parties to collect or share data about you. We have no control over such third parties and are in no way responsible for the content thereof. This privacy policy does not extend to your use of such third-party resources. Users are advised to read the relevant third party's privacy policy or statement prior to using such resources.

 

13. What would happen if there are changes to the business ownership and control?

In the event of a sale, merger, or acquisition, your personal data may be transferred. The new owner will be bound by the same terms outlined in this Privacy Policy.

 

14. What about cookies?

We use cookies to improve user experience. Cookies fall into these categories:

 

• Essential Cookies
• Analytical/Performance Cookies
• Functionality Cookies
• Targeting Cookies

 

Cookies may be set by ldeagen or third-parties (e.g., Google Analytics).

You may restrict cookies in your browser settings. However, essential cookies are required for functionality and cannot be disabled.

You can find more information about cookies in our Cookie Notice and also a full list of the individual first- and third-party Cookies we use, the purposes for which we use them, which services and/or applications contain them and the name of any third-party Cookie providers here.

All Cookies used by the website, our applications or services are used in accordance with current UK and EU Cookie Law.

 

15. Do you make any International Transfers of my personal data?

We may transfer personal data that we collect from you to other companies within the ldeagen Group which are outside of the geographic region you are located. In these cases, we ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data.

We may also transfer personal data that we collect from you to third party data processors located in countries which are outside of the geographic location you are located. In these circumstances, we will always take measures to ensure we have adequate legal safeguards in place. For example, we have entered into written agreements with all relevant third-party processors that ensure your data receives the same protection as if it were being processed by ldeagen Group.

A list of the third parties with whom we may share your personal data for the purposes set out in clause 7 above, can be provided upon request.

 

16. How long do we keep Personal Data?

We retain personal data only as long as necessary for the purposes collected, legal compliance, or contractual obligations.

Upon expiry, data is securely deleted or anonymised. You can request deletion by contacting dataprotection@ideagen.com, though this may affect your access to services.

 

17. Changes to this Privacy Policy

We reserve the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be posted promptly on the website and the application and you are deemed to have accepted the terms of this privacy policy on your first use of the website or application following any alterations.