Privacy Policy

Current Version: 1.3
Last Updated: 7/1/2025

1. Introduction

Welcome. You have arrived at a website operated by the Institute for Applied Network Security (“IANS,” “we,” “our” or “us”). IANS Research is a clear-headed resource for decision making and articulating risk. We provide experience-based security insights for Chief Information Security Officers and their teams. The core of our value comes from the IANS Faculty, a network of seasoned practitioners. We support client decisions and executive communications with Ask-an-Expert inquiries, our peer community, deployment-focused reports, tools and templates, and consulting.

At IANS, we take your privacy seriously. We provide this Privacy Notice (“Notice”) to tell you what information we collect about you, how we obtain it, how we share it, and how you may limit the ways in which we use your Personal Information. If you have questions about this Notice after you review it, feel free to contact us at privacy@iansresearch.com

2. Scope

This Notice governs iansresearch.com, its subdomains, and all subdomains or portals that link to this Notice (“Site”); or otherwise when you provide Personal Information or interact with us online or in-person. This Notice also applies to Personal Information that we may collect from you via phone calls or other communications with our representatives or in any other instance when you contact us. For the purpose of this Notice, "Personal Information" (also known as “personal data”) means any Personal Information relating to an identified or identifiable individual that is protected by applicable privacy laws. The definition of Personal Information does not include publicly available information from federal, state, or local government records, such as professional licenses and real estate or property records.

We refer to all the above as our “Services.” Our Services are used by prospective, current and past clients (“Clients”), members of our faculty (“Faculty”), individuals who apply for employment with us (“Job Applicants”) and individuals who visit the Site (“Website Visitors”).

By using our Site or otherwise using our Services, you acknowledge this Notice and agree to our Terms of Service (“Terms”).

3. What Information We Collect

As a rule, we limit the Personal Information we collect to that which is adequate, relevant and reasonably necessary for us to provide our Services to you.

Information That You Provide to Us

As you interact with our Site or Services, we only collect Personal Information that is relevant and reasonably necessary for us to provide our Services to you. This includes any information you provide:

  • via webforms and uploads to our Site, including our surveys;
  • when you attend our events; and
  • through telephone calls, emails, and other communications with you.

Please do not provide any sensitive Personal Information in our communications with you.

In the previous 12 months, we have collected the following Personal Information:

Clients

  • Contact information such as your first and last name, email address, company, title, business address collection are required, with optional voluntary telephone and mobile numbers collection.
  • For corporate payment, we do not conduct credit or background history reviews on our clients. We collect client payments via ACH (Automated Clearing House), which involves direct bank-to-bank transfer and banking information collection.

Faculty

  • Contact information such as your first and last name, email address, company, title, business and personal physical/mail address, telephone numbers, mobile numbers.
  • Financial information such as your bank account information.
  • Audiovisual information such as a headshot or video.
  • Employment history.
  • Criminal background checks.
  • Certifications and licensing checks.

Job Applicants

  • Contact information such as your first and last name, user name, email address, home or business address, shipping address, telephone numbers, mobile numbers;
  • Background checks;
  • Employment history; and
  • Certifications and licensing checks.

Website Visitors

  • Contact information such as your first and last name, email address, telephone numbers, mobile numbers, company and title.

Information Collected Automatically

Like many businesses, we and our service providers automatically collect information about how and when you interact with our Site or Services (“Usage Information”), including via cookies and other tracking technologies (see Use of Cookies and Other Tracking Technologies section below). This Usage Information may be stored on and/or accessed from your device whenever you visit or interact with our Site. Usage Information includes:

  • Your IP address, IDFA, Android/Google Advertising ID, IMEI, or another unique identifier;
  • Your Device functionality (including browser, browser language, settings and behavior, operating system, hardware, mobile network information);
  • Referring and exit web pages and URLs;
  • The areas within the Site that you visit and your activities there, including remembering you and your preferences;
  • Your Device location or other location information, including the zip code, state or country from which you accessed the Services;
  • Your Device characteristics (such as device type (computer vs. mobile) and ID, operating system, hardware);
  • Certain other Device data, including the time of day you visit our Site or other information used to provide analytics or other usage information;
  • Information about your engagement with our emails; and
  • Statistical information about how both unregistered and registered users, collectively, use the Site and Services.
  • Location information, where you are using location-based services and have enabled location features on your device.

We may also collect sensory data such as CCTV recordings from our facilities or premises to protect the health and safety of our employees, Customers, and guests, and to prevent, investigate, and prosecute fraud and other criminal activities. We may record your voice when you contact our customer service-related teams.


Information Collected from Third Parties

The Site includes functionality that allows certain kinds of interactions between the Site and your account on a third-party website or application. The use of this functionality may involve the third-party site providing information to us.

IANS does not have control over the information that is collected, used, and shared by these third parties. We encourage you to review the privacy statements of these third parties to understand their privacy practices.

4. Why We Collect Information

We use the information we collect about you in a variety of ways, including the following:

To Provide Our Services

We process certain Personal Information when you access or use our Services, including to:

  • access the client portal;
  • provide research and insights, as well as decision support;
  • offer events and workshops;
  • for our surveys, including our Benchmark and Staff surveys;
  • provide consulting services;
  • operate, maintain and improve the Site;
  • enable you to access and use the Site;
  • send you notices, updates, security alerts and support and other messages;
  • provide and deliver the Services and features you request, process and complete transactions, and send you related information, including purchase confirmations and invoices;
  • process your purchases of, or requests for our Services;
  • create and verify user accounts;
  • facilitate the functionality of our Site; and
  • customize experiences and personalization when you are on our Site.

To Communicate with You

We process certain information to communicate with you in relation to your accounts, our services, our marketing, and your requests, including:

  • communicate with you about orders, purchases and our Services;
  • respond to your customer service inquiries and requests for information;
  • send you personalized promotions, content, and special offers;
  • provide important safety information.

For Improvement of Our Site or Services

We want to ensure that our Site and Services are continually improving and expanding so that we meet and exceed your needs and expectations. To do so, we may process certain Personal Information, including to:

  • test, research, analyze, or develop new products and Services;
  • maintain, improve, and analyze our Site or Services; and
  • detect, prevent, or investigate suspicious activity or fraud.

To Comply with Applicable Laws

We may be required to process certain Personal Information under certain laws and regulations, such as tax laws, as well as to:

  • maintain appropriate records for internal administrative purposes; and
  • comply with applicable legal and regulatory obligations, and respond to lawful governmental requests, as needed.

To Enforce our Terms, Agreements, or Policies

To maintain a safe, secure, and trusted environment for you when you use our Site and Services, we use your Personal Information to ensure our terms, policies, and agreements with you and any third parties are enforced.


With Your Consent

We process certain Personal Information to fulfill any other business or commercial purposes at your direction or with your consent.

5. When We Disclose Information

To the extent permitted by law, certain Personal Information about you may be disclosed in the following situations:

  • Partners. We may share your information, including your Personal Information, with our affiliates and business partners. For instance, we may share Personal Information with co-sponsors of our events. In addition, we may share the information we have collected about you, including Personal Information, as disclosed at the time you provide your information and as described in this Notice.
  • Service providers. To provide information to our affiliates and nonaffiliated third parties who perform services or functions for us in conjunction with our services to you, but only if we have a contractual agreement with the other party which prohibits them from disclosing or using the information other than for the purposes for which it was disclosed. Examples of such disclosures include using a payment processor, or email marketing provider.
  • Legal process. To comply with a validly issued and enforceable subpoena or summons; as a part of any actual or threatened legal proceedings or alternative dispute resolution proceedings either initiated by or against us, provided we disclose only the information necessary to file, pursue, or defend against the lawsuit and take reasonable precautions to ensure that the information disclosed does not become a matter of public record.
  • Business transactions. In conjunction with a prospective purchase, sale, or merger of all or part of our business, if we take appropriate precautions (for example, through a written confidentiality agreement) so the prospective purchaser or merger partner does not disclose information obtained in the course of the review.

Finally, we may aggregate, de-identify, and/or anonymize any information collected through the Site or Services such that such information is no longer linked to your Personal Information. We may use and share this aggregated and anonymized information (non-Personal Information) for any purpose, including without limitation, for research and marketing purposes, and may also share such data with our affiliates and third parties, including advertisers, promotional partners and others.

6. Retention of Personal Information

IANS will retain your Personal Information only for as long as is necessary for the purposes set out in this Notice. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Personal Information to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

All information you provide to us is stored on our secure servers or those of our third-party data storage providers.

We utilize the following criteria to determine the length of time for which we retain Personal Information:

  • How long we have had a relationship with you or provided our Services to you
  • The business purposes for which the information is used, and the length of time for which the information is required to achieve those purposes;
  • Whether we are required to retain the information, or the information is otherwise necessary, in order to: comply with legal obligations or contractual commitments: defend against potential legal claims: detect or prevent potential illegal activity or actions in violation of our policies and procedures; secure our systems and online environment; or protect health and safety;
  • The privacy impact on individuals of ongoing retention; and
  • The manner in which information is maintained and flows through our systems, and how best to manage the lifecycle of information in light of the volume and complexity of the systems in our infrastructure.

7. Your Choices About the Information We Collect

Communications Preferences

We prefer to keep your Personal Information accurate and up to date. If you would like to change your contact information, please contact us using the information in the Contact Us section belo whttps://redirect.viglink.com/. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable (but we may retain prior information as business records).

You can opt out of receiving marketing emails from us at any time. You will still receive transactional messages from us. To manage your email preferences with us, please click on the Unsubscribe link in any email you receive from us or contact us using the information in the Contact Us section below. Your choice will not affect our ability to share information in the other ways described in this Notice.

Do Not Track

Do Not Track (“DNT”) is a web browser setting that requests that a web application disable its tracking of an individual user. When you choose to turn on the DNT setting in your browser, your browser sends a special signal to websites, analytics companies, ad networks, plug in providers, and other web services you encounter while browsing to stop tracking your activity. Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party websites or online services (e.g., browser do not track signals), but there is no universally agreed upon standard for what an organization should do when it detects a DNT signal. Currently, we do not monitor or take any action with respect to these signals or other mechanisms. You can learn more about Do Not Track here.

8. Children’s Privacy

Our Site is not intended for use by children under the age of 18. However, it is possible that our Customers may process the Personal Information of minors. We do not request, or knowingly collect, any Personal Information from children under the age of 18. If you are the parent or guardian of a child under 18 who you believe has provided her or his information to us, please contact us using the information in the Contact Us section below to request the deletion of that information.

9. Visitors to the Site Outside of the United States

If you are visiting the Site from a location outside of the U.S., your connection will be through and to servers located in the U.S. All information you receive from the Site will be created on servers located in the U.S., and all information you provide will be maintained on web servers and systems located within the U.S. The data protection laws in the United States may differ from those of the country in which you are located, and your information may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States. By using the Site or providing us with any information, you consent to the transfer to, and processing, usage, sharing and storage of your information in the United States and in other countries, as set forth in this Notice.

11. Security

We incorporate commercially reasonable safeguards to help protect and secure your Personal Information. However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from the Site, and you provide us with your information at your own risk.

12. Your California Privacy Rights

This section of the Notice applies solely to California residents. We adopt this Section to comply with the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”). Any terms defined in the CCPA or CPRA have the same meaning when used in this Section.

California residents have the following rights:

  • To know the categories of Personal Information being collected about you, the purposes for which the categories of Personal Information are collected or used, and whether that information is sold or shared;
  • To know the length of time we intend to retain each category of Personal Information;
  • To know whether your Personal Information is sold or disclosed and to whom;
  • To access your Personal Information;
  • To delete the Personal Information you have provided to us, with certain exceptions;
  • To correct your Personal Information;
  • To opt out of the sale of Personal Information (IANS does not sell any user information);
  • To know if Sensitive Personal Information (“SPI”) is being collected about you, the categories of SPI being collected, the purposes for which the categories of SPI are collected or used, and whether the SPI is sold or shared;
  • To limit the use of your SPI if it is used for cross-contextual behavioral advertising or for the purposes of inferring characteristics about you; and
  • Not to be discriminated against, even if you exercise your privacy rights.

Request for Information, Correction, or Deletion

California residents have the right to request, under certain circumstances, that a business that collects Personal Information about them disclose the information listed below for the preceding 12 months:

  • The categories of Personal Information collected about you;
  • The categories of sources from which the Personal Information is collected;
  • The business or commercial purpose for collecting, selling or sharing Personal Information;
  • The categories of third parties to whom the business discloses Personal Information; and
  • The specific pieces of Personal Information collected about you.

Please note that if we collected information about you for a single one-time transaction and do not keep that information in the ordinary course of business, that information will not be retained for purposes of a request under this section. In addition, if we have de-identified or anonymized data about you, we are not required to re-identify or otherwise link your identity to that data if it is not otherwise maintained that way in our records.

You can also request that we correct or delete your Personal Information. There may be certain exceptions to our obligation to correct or delete your information such as if you have an existing account or transaction with us or if we have a legitimate business reason to keep your information.

Personal Information Collected

We have collected the following categories of Personal Information from consumers within the last twelve (12) months:

Category of Personal Information Examples of this CategorySources of Personal InformationBusiness Purpose for Collection
Identifiers Real name, alias, postal address, unique personal identifier, online identifier, Internal Protocol address, email address, account name, social security number, driver’s license number, passport number or other similar identifiers

You

Automatically

Third Parties

To provide, improve and market our Services

To provide information you requested

To identify potential customers

To verify identity

To prevent fraud

To comply with law

Personal information described in California Civ. Code § 1798.80(e) Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

You

Automatically

Third Parties

To provide, improve and market our Services

To provide information you requested

To identify potential customers

To verify identity

To prevent fraud

To comply with law

Characteristics of protected classifications under California or federal law Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or credit, marital status, medical condition (AIDS/HIV status, cancer), physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information), political activities or affiliations, familial status, source of income status, status as a victim of domestic violence, assault, or stalking.

You

To provide, improve and market our Services

To provide information you requested

To identify potential customers

To verify identity

To prevent fraud

To comply with law

Commercial information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

You

Automatically

To provide, improve and market our Services

To provide information you requested

To identify potential customers

To verify identity

To prevent fraud

To comply with law

Biometric information An individual’s genetic, physiological, biological or behavioral characteristics, including information pertaining to an individual’s deoxyribonucleic acid (DNA) or activity patterns that can be used to establish individual identity.

You (Employees only)

To provide information you requested

To verify identity

To prevent fraud

To comply with law

Internet or other electronic network activity information Browsing history, search history, and information regarding a consumer’s interaction with an Internet Website, application, or advertisement.

Automatically

To provide, improve and market our Services

To provide information you requested

To identify potential customers

To verify identity

To prevent fraud

To comply with law

Geolocation data Physical location and/or movements.

N/A

N/A

Sensory data Audio, electronic, visual, thermal, olfactory, or similar information.

You

Automatically

To provide, improve and market our Services

To provide information you requested

To identify potential customers

To verify identity

To prevent fraud

To comply with law

Professional or employment related information Current or past job history or performance evaluations

You (for Faculty and Job Applicants)

To provide, improve and market our Services

To provide information you requested

To identify potential customers

To verify identity

To prevent fraud

To comply with law

Non-public education information (per the Family Educational Rights and Privacy Act – 20 U.S.C. § 1232g, 34 CFR Part 99) Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

N/A

N/A

Inferences drawn from other Personal Information Information used to create a profile about a person reflecting the person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

You

Automatically

Third Parties

To provide, improve and market our Services

To provide information you requested

To identify potential customers

To verify identity

To prevent fraud

To comply with law

Sensitive Personal Information Social security number, driver’s license number, account log-in, debit, or credit card number in combination with password or PIN, precise geolocation (less than 1850 sf radius), racial/ethnic origins, religious or philosophical beliefs, union membership, contents of e-mails or texts to others, genetic/biometric data, health information, sex life/sexual orientation data

You

To provide, improve and market our Services

To provide information you requested

To identify potential customers

To verify identity

To prevent fraud

To comply with law

Information related to how long we retain each category of Personal Information is included in the Retention of Personal Information section above.

Personal Information Sold or Shared

We do not sell Personal Information, but we recognize that some privacy laws define “Personal Information” in such a way that making available identifiers linked to you for a benefit may be considered a “sale” or “sharing” of that information. In the last twelve (12) months, we have shared to third parties the following Categories of Personal Information:

Category of Personal InformationRecipient CategoriesPurpose for Sale/Sharing
Identifiers Advertising, marketing, and analytics providers Marketing and analytics
Internet or other electronic network activity information Advertising, marketing, and analytics providers Marketing and analytics

We do not have actual knowledge that we sell or share the Personal Information of consumers under 16 years of age.


Personal Information Disclosed for Business Purposes

We have disclosed the following categories of Personal Information for business purposes in the last twelve (12) months:

Category of Personal InformationRecipient CategoriesBusiness Purpose for Disclosure
Identifiers Service Providers

Helping to ensure the security and integrity of Personal Information

Performing services on behalf of the business

Activities to verify or maintain the quality of, improve, upgrade, and/or enhance of our Services

Personal information described in California Civ. Code § 1798.80(e) Service Providers

Helping to ensure the security and integrity of Personal Information

Performing services on behalf of the business

Activities to verify or maintain the quality of, improve, upgrade, and/or enhance of our Services

Commercial information Service Providers

Helping to ensure the security and integrity of Personal Information

Performing services on behalf of the business

Activities to verify or maintain the quality of, improve, upgrade, and/or enhance of our Services

Internet or other electronic network activity information Service Providers

Helping to ensure the security and integrity of Personal Information

Performing services on behalf of the business

Activities to verify or maintain the quality of, improve, upgrade, and/or enhance of our Services

Sensory data Service Providers

Helping to ensure the security and integrity of Personal Information

Performing services on behalf of the business

Activities to verify or maintain the quality of, improve, upgrade, and/or enhance of our Services

Professional or employment-related information Service Providers

Helping to ensure the security and integrity of Personal Information

Performing services on behalf of the business

Activities to verify or maintain the quality of, improve, upgrade, and/or enhance of our Services

Inferences drawn from other Personal Information Service Providers

Helping to ensure the security and integrity of Personal Information

Performing services on behalf of the business

Activities to verify or maintain the quality of, improve, upgrade, and/or enhance of our Services

Sensitive Personal Information Service Providers

Helping to ensure the security and integrity of Personal Information

Performing services on behalf of the business

Activities to verify or maintain the quality of, improve, upgrade, and/or enhance of our Services


Do Not Sell My Personal Information

As a California resident, you also have the right, at any time, to tell us not to sell Personal Information – this is called the “right to opt-out” of the sale of Personal Information. To opt-out of this, please contact us at privacy@iansresearch.com.

Right to Limit Use of Sensitive Personal Information

California residents have the right to limit the use of each type of Sensitive Personal Information for each purpose with each type of third-party partner. Please note that we only keep your Sensitive Personal Information for a limited time, and only for the transaction for which it is required. Currently, we do not provide your Sensitive Personal Information to any third parties other than those service providers that are necessary for us to provide our Services to you.

Right Not to Be Discriminated Against

We will not discriminate against you for exercising any of your rights under the CCPA. Unless permitted by California law, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Third Party Marketing (“Shine The Light Act”)

California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us a list of what Personal Information (if any) we disclosed to third parties for their own direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. We do not disclose Personal Information protected under this section to third parties for their own direct marketing purposes.

Exercising Your California Privacy Rights

You or your authorized agent may make a request to access, correct, delete, opt-out of the sale of your Personal Information by contacting us using the information in the Contact Us section below.

If you use an authorized agent to submit your request, we may require proof of the written authorization you have given. We also may require you to confirm your identity and your residency to obtain the information, and you are only entitled to make this request twice in a 12-month period. For emails, please include “California Privacy Rights” as the subject line. You must include your full name, email address, and attest to the fact that you are a California resident. We will acknowledge your request within 10 days and respond to your request within 45 days or let you know if we need additional time. If you make this request by telephone, we may also ask you to provide the request in writing so that we may verify your identity. If we are unable to honor your request for any reason, we will notify you of the reason within the request time period.

13. Your Privacy Rights under Other US State Laws

If you live in certain other U.S. states, such as Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, you may have rights under applicable privacy laws once those laws have become effective.

Based on the applicable law in the state where you live, you may have the following rights with respect to your Personal Information:

  • To confirm whether or not a controller is processing your personal data and to access such personal data;
  • To know the categories of Personal Information we collect about you, the purposes for the collection, how long we retain your Personal Information, and whether that information is sold or shared or disclosed and to whom;
  • To correct inaccuracies in your personal data;
  • To delete your personal data;
  • To obtain a copy of your personal data that you previously provided to us in a portable, and if technically feasible, readily usable format, if processing is carried out by automated means;
  • To opt out of the processing of your personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

To exercise any of these rights, you may make a request to confirm, access, correct, delete, obtain a copy, or opt-out of the processing of your personal data for targeting advertising, sale, or profiling by using the information in the Contact Us section below. Please include your state of residence.

We may require you to confirm your identity and your residency in order to obtain the information, and you are only entitled to make this request up to twice annually. For emails, please include “Privacy Rights” as the subject line. You must include your full name, email address, and attest to the state in which you are a resident.

We will process your request within 45 days or let you know if we need additional time or cannot process your request. If you make this request by telephone, we may also ask you to provide the request in writing so that we may verify your identity. If we are unable to honor your request for any reason, we will notify you of the reason within the request time period.

Right to Opt-Out of Communications and Services

You may have the right to opt out of the processing of your personal data for the purposes of targeted advertising, communications, the sale of personal data , and profiling in furtherance of decisions that produce legal or similarly significant effects. To exercise your rights, please click on:

  • Bottom of our email compunctions via a link to manage your communication preferences.
  • For IANS clients, visit the Notification Preferences page under “My Account”.
  • Contact your account managers regarding any specific product features you wish to opt out of.

Opt-Out Preference Signals

Some browsers and browser extensions support opt-out preference signals such as the Global Privacy Control (“GPC”) that can send a signal to the websites you visit indicating your choice to opt-out from certain types of data processing, including data sales. GPC is a web browser-level setting, maintained by either a browser or a browser extension, that a user or privacy-focused technology can set. In certain regions, when we detect such a signal, we will make reasonable efforts to respect your choices as required by applicable law.

Appeals of Our Decisions

In some jurisdictions, you may appeal to us if we refuse to take action on your exercise of certain choices described above. In order to appeal such a refusal, please contact us using the information in the Contact Us section below with the subject line “Appeal of Refusal to Take Action on Privacy Request” and provide the relevant information in the email.

If we decline to take action on any request you make, we will provide you with the information required by the applicable law where you live. This may include an explanation of why we declined your request, information on how to appeal our decision, and/or how to make a complaint to your state Attorney General.

14. Your Rights Under the General Data Protection Regulation

This section of the Notice applies if you are a data subject who resides or is located in the European Economic Area (“EEA”). We adopt this section to comply with European privacy laws, including the General Data Protection Regulation (“GDPR”). Any terms defined in the GDPR have the same meaning when used in this section.

Under applicable law, we are considered the “data controller” of the Personal Information we handle under this Notice. In other words, we are responsible for deciding how to collect, use and disclose this information, subject to applicable law.

We want to ensure that the Personal Information we possess is always accurate and therefore we encourage you to update your information in your own account in case any changes have occurred. We have listed below the rights that you may be able to exercise in respect of the processing of your Personal Information, subject to applicable law. We take reasonable steps to ensure that the Personal Information that we process is limited to the Personal Information that are required in connection with the purposes set out in this Notice.

If you are a resident of or located within the EEA, you have certain data protection rights. These rights include:

  • The right to access, update or delete the information we have collected from you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your Personal Information.
  • The right of restriction. You have the right to request that we restrict the processing of your Personal Information.
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your Personal Information.

Legal Basis for Processing Personal Information

We rely on the following legal bases for processing your Personal Information:

  • Contract: To conclude or perform a contract with you; for example:
    • To provide other Services;
    • To manage our accounts and records;
    • To handle your inquiries and requests;
    • When you apply for employment through our Site, processing of your contact details and data about your employment history and education (as needed to evaluate your job application, to conduct job interviews, and as is otherwise needed for recruitment) is necessary to respond to your request to process your application for employment. If you do not provide this data, we will not be able to process the application that you send through our Site.
  • Legitimate Interests: When we process your Personal Information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Information for activities where our interests are overridden by the impact on you unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests, as further described below. Examples of legitimate interests include:
    • To respond to your customer service inquiries and requests for information;
    • To maintain, improve, and analyze our Site and Services we offer;
    • To conduct marketing activities;
    • To detect, prevent, or investigate security breaches or fraud; and
    • To facilitate the functionality of our Site;
  • Legal Compliance: To comply with our legal obligations; for example:
    • To maintain appropriate records for internal administrative purposes and as required by applicable law, and
    • To provide important safety information.
  • Consent: We will send you information by email on our Services or other promotions only with your consent or if you otherwise opt-in to receive those communications. If you do not provide us with your consent to the processing of your Personal Information for this purpose, we will not send you this information. You have the right to withdraw your consent at any time as described below.

How to Exercise Your Rights Under the GDPR

If applicable, you may exercise any of your rights under the GDPR by submitting a verifiable data subject request to us by using the contact details below. You may make a request related to your Personal Information or on behalf of someone for which you have authorization. You must include your full name, email address, and attest to the fact that you are a citizen or resident of the EEA by including your country of citizenship or residence in your request. We may require you to confirm your identity and/or legal standing for the request as well as your residency in the EEA to obtain the information. We will respond to your request within 30 days or let you know if we need additional time.

Please note that we will ask you to verify your identity before responding to such requests, and we may deny your request if we are unable to verify your identity or authority to make the request.

Should you wish to raise a concern about our use of your data (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority; however, we hope that we can assist with any queries or concerns you may have about our use of your Personal Information first by contacting us as via [online GDPR and Privacy webform with the following]

Name:

Email:

Address:

Phone:

Concern:

Local data representative

15. Your Rights Under the UK GDPR

If you are based in the United Kingdom, the following provisions also apply:

If we share your personal data within IANS or with third parties located outside the United Kingdom, we take steps to ensure that appropriate safeguards are in place to guarantee the continued protection of your personal data, such as by entering into the UK International Data Transfer Agreement or the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses, adopted by the UK Government under section 119A of the Data Protection Act 2018.

You have the same data subject rights as those for the EU listed above, except that references to the "GDPR" should be read as references to the "UK GDPR" and complaints should be filed with the UK supervisory authority, the Information Commissioner’s Office.

16. Changes to This Privacy Notice

We may change this Privacy Notice at any time. We will post all changes to this Notice on this page and will indicate at the top of the page the modified notice’s effective date. We therefore encourage you to refer to this page on an ongoing basis so that you are aware of our current privacy notice. If required by applicable law, we will notify you of changes.

By continuing to use the Site or Services or providing us with information following such a replacement Notice being uploaded, you agree that you will be bound by the Privacy Notice as changed.

17. Contact Us

If you have any questions or suggestions regarding this Notice, please contact us as follows:

Privacy Advocate, IANS
2 Center Plaza, Suite 500
Boston, MA 02108

Email: privacy@iansresearch.com