Data Privacy, Terms and Conditions
Types of Information We Collect.
The following provides examples of the type of information that we collect from you and how we use that information.
|Context||Types of Data||Primary Purpose for Collection and Use of Data|
|Customer User Information||We collect the name, username, and contact information, of our customers and their employees with whom we may interact.||We have a legitimate interest in contacting our customers and communicating with them concerning normal business administration such as projects, services, and billing.|
|Account Information (Customer User)||We collect personal data from our customers when they create an account to access and use the Services or request certain free Services from our Sites. This information could include business contact information such as name, email address, title, company information, and password for our services.||We have a legitimate interest in providing account related functionalities to our users, monitoring account logins, and detecting potential fraudulent logins or account misuse. Additionally, we use this information to fulfill our contract to provide you with Services.|
|Contact Information (Vendors)||Users of our service may ask their vendors or service providers to submit company and security related information on our platform (e.g., to complete a security questionnaire). When a user invites a vendor, we collect the name and email address of the vendor.||We have a legitimate interest in contacting vendors on behalf of our customers, to invite them to communicate with companies through our platform. Among other things, the communication allows our customers to efficiently solicit, and receive, security questionnaires, and allows vendors to efficiently solicit, and transmit, security questionnaires. Additionally, we use this information to fulfill our contract to provide Services which may include soliciting, receiving, transmitting, and hosting responses to security questions.|
|Account Information (Vendors)||We collect personal data from vendors when they create an account to access and use the Services. This information could include business contact information such as name, email address, title, company information, and password for our services.||We have a legitimate interest in providing account related functionalities to our vendor-users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. Additionally, in some cases, we use this information to fulfill our contract to provide vendor-users with Services.|
|Cookies and third-party tracking||We participate in behaviour-based advertising, this means that a third party may use technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites.||Where required by law, we base the use of third-party cookies upon consent.|
|Demographic Information||We collect personal information, such as your location and IP address.||We have a legitimate interest in understanding our users and providing tailored services.|
|Email Interconnectivity||If you receive email from us, we may use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases.||We have a legitimate interest in understanding how you interact with our communications to you.|
|Feedback/Support||We collect personal data from you contained in any inquiry you submit to us regarding our website or services, such as completing our online forms, calling, or emailing for the purposes of general inquiries, support requests, or to report an issue. When you communicate with us over the phone, your calls may be recorded and analysed for training, quality control and for sales and marketing purposes. During such calls we will notify you of the recording via either voice prompt or script.||We have a legitimate interest in receiving, and acting upon, your feedback, issues, or inquiries.|
|Mailing List||When you sign up for one of our mailing lists we collect your email address or postal address.||We share information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services.|
|Order Placement||We collect your name, billing address, shipping address, e-mail address, and phone number. To the extent that you have elected to pay using a credit card we also take (directly or through our payment processor) your payment card information.||We use and share your information to perform our contract to provide you with products or services.|
|Website interactions||We may use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser.||We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests, to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud.|
|Web logs||We may collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.||We have a legitimate interest in monitoring our networks and the visitors to our websites. Among other things, it helps us understand which of our services is the most popular.|
In addition to the information that we may collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources.
Use and processing of Information.
In addition to the purposes and uses described above, we may use information in the following ways:
- To identify you when you visit our website and services
- To provide our services
- To improve our services and offerings
- To promote the security of our website and services
- To conduct analytics
- To respond to inquiries related to support, employment opportunities, or other requests
- To send marketing and promotional materials including information relating to our products, services, sales, or promotions, or those of our business partners
- For internal administrative purposes, as well as to manage our relationships
How we may use information
Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. For example, if you sign up for Services, we may collect your information to complete that transaction, but we also collect your information as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about your Services. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business.
Sharing of Information
In addition to the specific situations discussed elsewhere in this policy, we disclose information in the following situations:
- Affiliates and acquisitions. We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage
- Other disclosures with your consent. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy
- Other disclosures without your consent. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third-party intermediary
- Service providers. We share your information with service providers. Among other things service providers help us to administer our website, conduct surveys, provide technical support, process payments, and assist in the fulfillment of orders
You may make the following choices regarding your personal information:
- Access to your personal information. You may request access to your personal information by contacting us at the address described below. If required by law, upon request, we will grant you reasonable access to the personal information that we have about you. We will provide this information in a portable format, if required. Note that Australian residents may be entitled to ask us for a notice describing what categories of personal information (if any) we share with third parties or affiliates for direct marketing.
- Changes to your personal information. We rely on you to update and correct your personal information. Most of our websites allow you to modify or delete your account profile. If our website does not permit you to update or correct certain information, you can contact us at the address described below to request that your information by modified. Note that we may keep historical information in our backup files as permitted by law.
- Deletion of your personal information. Typically, we may retain your personal information for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. You may, however, request information about how long we keep a specific type of information, or request that we delete your personal information by contacting us at the address described below. If required by law we will grant a request to delete information, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes.
- Objection to certain processing. You may object to our use or disclosure of your personal information by contacting us at the address described below
- Online tracking. We do not currently recognise automated browser signals regarding tracking mechanisms, which may include "Do Not Track" instructions
- Promotional emails. You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can stop receiving promotional emails by following the unsubscribe instructions in e-mails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications
- Revocation of consent. If you revoke your consent for the processing of personal information, then we may no longer be able to provide you services. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. You may revoke consent to processing (where such processing is based upon consent) by contacting us at the address described below
Please address written requests and questions about your rights to firstname.lastname@example.org
Note that, as required by law, we will require you to prove your identity. We may verify your identity by phone call or email. Depending on your request, we will ask for information such as your name or other account information. We may also ask you to provide a signed declaration confirming your identity. Following a request, we will use reasonable efforts to supply, correct or delete personal information about you in our files.
In some circumstances, you may designate an authorised agent to submit requests to exercise certain privacy rights on your behalf. We will require verification that you provided the authorised agent permission to make a request on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us. If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of the following information to the request:
- A completed, signed agent designation form indicating that you have authorization to act on the consumer’s behalf
- If you are a business, proof that you are registered with the Australian Securities and Investments Commission to conduct business in Australia.
If we do not receive both pieces of information, the request will be denied.
How we protect personal information
No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorised access, use, or disclosure, we cannot guarantee the security of your personal information. In the unlikely event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
Some of our websites permit you to create an account. When you do you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether such access or use has been authorised by you. You should notify us of any unauthorised use of your password or account.
Other Important Information
The following additional information relates to our privacy practices:
- Transmission of information to other countries. IDH is located in Sydney Australia. Our service providers and other third parties you may interact with in connection with our services maybe located in Australia and other countries around the world. As a result, your information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, where possible we take steps to treat personal information using the same privacy principles that apply pursuant to the law of the country in which we first received your information. By submitting your personal information to us you agree to the transfer, storage, and processing of your information in a country other than your country of residence including, but not necessarily limited to Australia. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to data when it goes to another jurisdiction you can contact us using the contact information below.
- Third party applications or websites. We have no control over the privacy practices of websites or applications that we do not own.
- Accessibility. If you are visually impaired, you may access this notice through your browser’s audio reader.
If you have any questions, comments, or complaints concerning our privacy practices please contact us at the appropriate address below. We will attempt to respond to your requests and to provide you with additional privacy-related information email@example.com