This GDPR Notice (“Notice”) supplements our Privacy Policy and applies to our processing of “personal data,” as defined in the General Data Protection Regulation (“GDPR”), as applied in the member states of the European Union and the European Economic Area, Switzerland and the United Kingdom (the “European Area”). In the provision of our Services and operation of our business we may process personal data of individuals, including staff of prospective or current Customers, our Customers’ end users, business contacts, vendors, and visitors to our Site (“Site Visitors”) who are located in the European Area (Individuals,” “you,” or “your”). This Notice is intended to provide you with certain information about our processing of your personal data and your rights under the GDPR. Any capitalised terms or other terms not defined herein shall have the meaning ascribed to them in the Privacy Policy or, if not defined herein or in the Privacy Policy, the GDPR. Please also see the rest of our Privacy Policy here.
With respect to any conflict between this GDPR Notice and the Privacy Policy, the GDPR Notice shall control only with respect to European Area Individuals and their personal data.
GDPR Disclosures
Processor Disclosure: We are a data processor of personal data that we receive from our Customers in connection with the provision of our Services to them. In these cases, the data controller (the entity that decides on the purposes of the processing and ways in which data is processed) is our Customer, and we only process personal data on behalf of and on the instructions of each Customer. In this GDPR Notice, we set out general information about our personal data processing, but for further details you should consult with the relevant data controller that you have interacted with.
When serving as a processor, we have certain obligations under the GDPR including only processing personal data pursuant to our Customers’ instructions, providing assistance to them, e.g., with fulfilment of Individual rights requests, and implementing appropriate security for personal data. We will normally forward any inquiries, complaints, or requests received from Individuals with respect to their personal data to the appropriate Customer and await instructions before taking any action.
Controller Disclosure & Details: We are a data controller of personal data regarding the following categories of Individuals for the purposes and under the legal bases described in the table below:
(a) Prospective/current customers and vendors, and any other business contracts such as journalists or influencers (collectively, “Business Contacts”), and
(b) Site Visitors.
DATA SUBJECT CATEGORY | PURPOSE & LEGAL BASIS OF PROCESSING |
Business Contacts | Provision and Management of Services; Customer Service; Direct Marketing; Service Demonstrations; Executing Contracts and other Legal Documents; and General Business Purposes: We use this information as it is necessary for our legitimate interests in: ♦ Performing contracts with Customers or taking requested steps to enter into such contracts ♦ Setting up, renewing, updating, and managing your organisation’s contract or account with us ♦ Billing and collections for our Services ♦ Making payments for products and services supplied to us ♦ Evaluating new services and products ♦ Recordkeeping, accounting, and meeting other legal requirements ♦ Managing, improving, and expanding our business and resources ♦ Answering inquiries including by email, web, telephone, and chat ♦ Responding to customer service requests ♦ Sending and analysing customer satisfaction surveys ♦ Organising events such as webinars ♦ Sending current or prospective Customers marketing materials ♦ Setting up demos with prospective Customers pursuant to their requests ♦ Communicating and managing our relationship with you (including by storing Business Contact information within a CRM or other system) ♦ Any other purposes set forth in our general Privacy Policy. |
Site Visitors | Information Security: Our web servers will log your IP address and other information (e.g., browser information, operating system, request date/time, user agent string, referral and exiting URL) in order to maintain an audit log of activities performed. We use this information as it is necessary for our legitimate interests in tracking Site and Services usage, combating DDOS or other attacks, and removing or defending against malicious individuals or programs on the Site and Services. Audience Measurement and Retargeting: We use this information as it is necessary our legitimate interests in understanding how Site Visitors interact with the Site and where such Site Visitors are located (up to city-level only) in order to optimise the Site experience. Note that the last octets of Site Visitors’ IP Addresses are anonymised. Request and Inquiries: Site Visitors may voluntarily provide personal data for the purpose of receiving additional information or registering for a Service or event. The personal data provided by Site Visitors is used only to provide them with communications in specialty areas they select. When Site Visitors register via our Site for an event (including webinars and hosted events), we use the personal data they have provided solely for purposes of contacting them about the event, and to let them know about future events if they have indicated that they would like to receive that information. We also use the information provided by our Site Visitors to respond to and process their requests. Usage and analytics information regarding Site Visitors is used to maintain audit logs of activity on our Sites, track usage of the Sites, improve, maintain and operate our Sites, and for security purposes. These activities use personal data that is necessary for our legitimate interests in communicating with Business Contacts and marketing our Services. |
*Where our processing is based on necessity for our legitimate interests, we will carry out a balancing test to ensure that such interests are not outweighed by your privacy interests, or rights and freedoms. All this personal data is business data and its processing should have no negative impact on your privacy.
Recipients: We receive and process your personal data for the purposes described herein. Such personal data is also disclosed to effectuate the purposes described herein to the following principal recipients, which may change from time to time:
- AWS (US): Cloud-based storage provider
- MailChimp (US): Cloud-based marketing automation platform
- Dropbox (US): Enterprise solution for secure file share
- Google Analytics (US): Site audience measurement
- AdRoll (US): Retargeting solution
- Pardot (US): Email marketing system
- Zoom Info (US): Business analytics
- Service Desk (US): Support ticket system
We also use other third-party service providers to provide services in connection with our Servies, Site and business. Recipients may include:
- our subsidiaries and affiliates involved with the provision of our Services;
- our Customers where we collect and process personal data on their behalf;
- providers of IT-related services (e.g. storage, hosting, management, maintenance, analytics);
- marketing, advertising, event registration or e-mail management service providers;
- payment processors;
- public authorities as required by applicable laws;
- the surviving entity in the case of a merger, dissolution, reorganisation or similar corporate event; or
- our accounting, legal, compliance, insurance, or banking service providers.
Our service providers will change from time to time. These third parties have access to your personal data only to perform specific tasks on our behalf and are obligated not to retain, use, or disclose your information for any other purpose.
Retention: Please see below for our general retention periods. Please note that the below retention periods may be extended or shortened, as appropriate, based on the context of our relationship with an Individual, for compliance with legal obligations (e.g., accounting, finances, tax), and to retain records in relation to possible future claims.
We will retain the personal data of staff of current and prospective Customers for as long as they have an active relationship with us, e.g. a current Services agreement, a subscription to marketing emails, or negotiations for or other demonstration of interest in our Services.
Otherwise, we will retain the personal data of staff of prospective Customers for seven (7) years, as, historically, we have seen that prospective Customers convert into paying Customers within such time period. Current Customer staff’s personal data will be retained until the relationship terminates, at which point their personal data will be retained by us for six (6) years from the last transaction involving this Customer, and any other related legal documentation will be retained permanently, or pursuant to our record retention policies. Other personal data will be retained by us in accordance with our record retention policies.
Your GDPR Rights: You may have various rights under the GDPR including to: (i) request access to, correction and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; and (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability. You may exercise these rights by contacting: privacy@iconectiv.com with the subject line “GDPR Notice.”
Where we process any data based on your consent, then you are always allowed to withdraw that consent at any time by contacting us (although the processing that took place before withdrawal will still be legal).
In the event of any claim or issue in relation to your personal data, we encourage you to contact us as set out at the end of this Notice, and we will always try to resolve it. You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority.
Objecting to Legitimate Interest/Direct Marketing: In certain circumstances, you may object to processing of your personal data by us. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defence of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within a marketing email or by submitting your request to marcom@iconectiv.com with the subject line “GDPR Notice” (where, for example, you would not like to receive follow-ups from our sales team). In such case, your personal data will no longer be used for that purpose.
Requirements to Provide Personal Data: As a Site Visitor, there is no obligation to provide any personal data to us. However, if you decide not to, then we may not be in a position to respond to your questions or requests, or some parts of the Site may not work as intended.
As a Customer staff member, we need to process certain information in order to provide our Services to you or your organisation in accordance with the relevant Services contract. You may not be able to access or use all or certain parts of our Services if we cannot process such information.
As a Business Contact, we need to process certain information in order to communicate with you, evaluate, purchase, or pay for goods or services, or otherwise manage our professional relationship with you. We may not be able to work together if we cannot process such information.
Transfer of Personal Data outside the European Area: Our corporate headquarters is located in the USA and we may access certain personal data from any of our offices, or store it on servers or with data processors located in the USA or other countries. Where this entails a transfer of personal data from the European Area to a place that has not been designated as an “adequate” country by the relevant European Area authorities, then we rely on Standard Contractual Clauses and other approved data transfer mechanisms to ensure adequate protection for your personal data. If we receive a valid request, a copy of the applicable safeguards in relation to international data transfers may be made available.
Disclosure to Public Authorities: iconectiv may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
Corporate Restructuring: In the event of a merger, reorganisation, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this GDPR Notice.
Updates to this GDPR Notice: If, in the future, we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this GDPR Notice, and the “Last Updated” date at the top of this page will be updated accordingly.
How to Contact Us: Please contact privacy@iconectiv.com with any questions, complaints, or requests regarding this GDPR Notice; please include the subject line “GDPR Notice.” Our corporate contact details and the relevant data controller details are as set out in our Privacy Policy.