In compliance with the EU General Data Protection Regulation (GDPR), the Protection of Personal Information Act, 2013 (POPIA), and related data protection legislation, this Policy describes how we collect, store and use your personal data.
Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:
This policy is intended to help you understand:
This policy covers the personal information we collect about you when you use our products or services, interact with us via our online platforms and any other instances where IES may collect your personal data. If you do not agree with this policy, please do not access or use our Products.
Please note that where IES Products are made available to you through an organization (e.g. your employer) or an IES accredited practitioner, that organization or practitioner is the administrator of the Products and controller of your personal information. If this is the case, please direct your data privacy questions to the relevant data controller.
'IES', 'we' and 'us' are used to refer to IES throughout this policy. We offer a wide range of products and refer to all of these products, together with any services we may offer or online platforms we make available, as 'Products' in this policy. Where we refer in this policy to your 'personal data' or 'personal information' we mean any recorded information that is about you and from which you can be identified. 'Personal data' or 'personal information' does not include data where your identity has been removed (anonymised/ de-identified data). Where we refer to the 'processing' of your personal data, we mean any operation or activity concerning that personal data, including collecting, use, storage, disclosure, deletion or retention.
We collect information from you so that we can provide you with the relevant products and services you require. You can always choose not to provide certain personal information, however in some cases this decision may limit your access to all the features of the relevant product. The types of information we collect from you are dependent on the relationship we have with you, but can include the following:
We collect information about you when you provide it to us, when you use our Products, and when other sources provide it to us, as further described below.
2.1 Information you provide to us We collect information about you when you input it into the Products, make contact through our online platforms or support channels, or otherwise provide it directly to us.
2.1.1 Account and Profile Information: We collect information about you when you purchase our products or services. When you register for certain paid products, we will ask you to designate a billing representative, including name and contact information. You might also be asked to provide payment information, such as payment card details, which are collected via secure payment processing services.
2.1.2 Content you provide through our products: When you use IES products, we collect and store the information that you supply when you complete the relevant questionnaire. This includes personal information such as first name, surname and contact details.
2.1.3 Content you provide through our online platforms: We collect information that you provide through our online platforms, including our website and the social networking platforms operated by us. You provide personal data to us when you voluntarily engage with us or share feedback through these platforms.
2.1.4 Information you provide through our support channels: We collect information through our customer support channels, where you may choose to submit information regarding a problem you are experiencing with a Product.
2.1.5 Special Categories of Data: We do not collect any special category data. Special category data includes details about race or ethnicity, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or sex life and sexual orientation.
2.2 Information we collect automatically when you use the Products: Certain anonymous/de-identified data is collected when you browse our website and interact with Products. This data is not linked with your personal information.
2.2.1 Device and Connection Information: Information is generated automatically by your visits and actions on our site. This can include data about how you interact with and use features in the Products, as well as information about your device, browser type and IP address. This data is anonymous/de-identified and is not linked with your personal information. We collect this information via cookies, and how much of this information we collect depends on the type and settings of the device you use to access the Products.
How we use the information we collect depends in part on which Products you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.
3.1 Purposes for which we use the information we collect
3.1.1 To provide the Products and personalize your experience: We use information about you to provide you with the Products and services that you have requested and purchased. We also use information to personalise our service to you, for example where you use multiple Products, we will combine information to provide an integrated experience.
3.1.2 Customer support: We use your information to resolve technical issues you encounter and to respond to your requests for assistance.
3.1.3 To communicate with you about the Products: We use your contact information to send transactional communications via email, including confirming your purchases, responding to your questions and requests, providing customer support, and sending you updates, security alerts and administrative messages.
3.1.4 To market, promote and drive engagement with the Products: Based on your consent, your Product usage and your interactions with us we, use your contact information to send promotional communications that may be of specific interest to you. These can include information about new product offers, events we think may be of interest to you as well as our newsletter. You can control your marketing and contact preferences by using the unsubscribe link within each email or by contacting us directly.
3.1.5 For safety and security: We use information about you and your Product usage, to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of use policies.
3.1.6 Aggregated data for research and development: We are always looking for ways to make our Products smarter, faster, more secure, integrated, and useful to you. We use aggregated anonymised/de-identified information about how people use our Products, to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Products. No person is identifiable from this data.
3.1.7 With your specific consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Products, with your permission.
3.1.8 To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights and interests, we may use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of IES.
The only instances where your information may be shared are with the specific data controller that facilitated your use of our products and services, with our selected sub-processor who securely stores all the personal data we collect or with your specific consent. Please note that we will never share or sell information about you to advertisers or any other third parties.
4.1 iEQ9 Accredited Practitioners (acting as data controllers): In some cases we work with data controllers, processing data on their behalf. If we collect and process your personal information as a result of your relationship with a data controller (i.e. if you are a client of a specific IES accredited practitioner or if you have accessed our products through your employer), then we will share your information with the relevant data controller in connection with their provision of our Products.
4.2 With your specific consent: We may share information about you when you give us specific consent to do so. For example, we often display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name alongside the testimonial.
4.3 Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights: In exceptional circumstances, we may share information about you with law enforcement agencies or regulators if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect IES, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
5.1 Information storage and security We are committed to protecting personal data from any unauthorized access or disclosure, and all our software is designed and built with privacy protection as a priority.
We use secure data hosting service providers in the Netherlands. This includes that the personal data is encrypted and protected behind a secure firewall on the highest-level security settings, and all access is restricted, password protected and monitored. All employees authorized to access personal data, have committed to appropriate confidentiality. In the case of a breach or security incident, we have appropriate security incident management policies and procedures in place and IES will notify regulators of breaches and with technical and organizational measures in place to secure your personal data promptly communicate any breaches to affected customers and users.
While we implement safeguards designed to protect your information, no system is impenetrable and due to the inherent nature of the Internet, transmissions via the internet are done at the user's own risk. Where you have and use a password to access our Products, it is important that you keep that password confidential and protect your computer against unauthorized access.
5.2 How long we keep information The period of time for which we retain data depends on the type of information. Personal data will only be kept for as long as it is required to fulfil the purposes for which it was collected, which includes to comply with our legal obligations, to enforce our agreements and to support relevant business operations. After such time, we will either delete or anonymize/de-identify your information.
You have rights available to you when it comes to your personal information. Below is a summary of these rights and how to exercise them. Where we are a data processor in relation to your personal data, we will communicate with and support the relevant data controller to fulfil your request. There may be certain cases where we have compelling legitimate interests or legal grounds which override the rights outlined below.
6.1.1 Request access to or correction of your personal information: You can update your basic profile information and modify content that contains information about you through your account profile. You can also request access to your personal data and correction of any incomplete or inaccurate personal information. It is your responsibility to ensure the accuracy of your personal data, please keep us informed of any changes.
6.1.2 Request erasure of your personal information: Our products give you the ability to delete certain information about yourself, and you can contact us to request that we erase all your personal data. Please note that there may be legal reasons that we need to retain certain information about you, in which case we will notify you in response to your request.
6.1.3 Request that we stop using your personal information: You may object to our processing of your personal data, where you believe we don't have the appropriate grounds to do so. Where your objection is successful, you can request that we delete your personal information.
6.1.4 Withdraw your consent: Where you gave us consent to use your information for a specific purpose, you can contact us to withdraw that consent. This will not affect any processing that has already taken place at the time.
6.1.5 Request restriction of processing your personal information: You can request the restriction of processing of your personal data if you need to establish the data's accuracy, where you have objected to our processing but want us to continue to hold the data or where there is a request or dispute in relation to your personal data that needs to be investigated or resolved.
6.1.6 Request the transfer of your personal data: Data portability is the ability to obtain some of your information in a structured electronic format that you can move from one service provider to another. Should you request it, we will assist you with the transfer of your personal data to you or a third party you have chosen.
6.1.7 Opt out of Communications: You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, or by contacting us to have your contact information removed from our promotional email list or registration database.
7.1 International transfers of information we collect We collect information globally and store that information in a secure data centre in the Netherlands. We capture, store and backup your information in the Netherlands, for the purpose of providing you with our Products, and do not transfer your information outside of the Netherlands.
Where we operate as the data processor in relation to your personal data, the data controller that you work with will be able to access your data and may do so in a country outside of your country of residence. Data controllers only have access to the personal data that they control (i.e. the data of their clients), and where relevant they operate under the conditions of a data processing agreement.
8.1 Privacy Shield Notice If a situation arises where we are required to share information of customers in the European Economic Area or Switzerland, we comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, European Commission-approved standard contractual data protection clauses, binding corporate rules for transfers to data processors, or other appropriate legal mechanisms to safeguard the transfer. Please see our Privacy Shield Notice below.
Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, we are responsible for the processing of information about you we receive from the EU and Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
To learn more about the Privacy Shield Program, please see here www.privacyshield.gov. We encourage you to contact us as provided below, should you have a Privacy Shield-related (or general privacy-related) concern. We are also committed to cooperating and complying with the information and advice provided by an informal panel of data protection authorities in the European Economic Area and/or the Swiss Federal Data Protection and Information Commissioner (as applicable) in relation to unresolved complaints (as further described in the Privacy Shield Principles). You may also contact your local data protection authority within the European Economic Area or Switzerland (as applicable) for unresolved complaints. Under certain conditions, more fully described on the Privacy Shield website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration. We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
8.2 Children Our Products are not directed to individuals under 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us.
8.4 Contact Us If you have questions or concerns about how your personal information is handled, please direct your inquiry to our Data Protection Officer on firstname.lastname@example.org