1. Introduction
Welcome. You have arrived at a website operated by the Institute for
Applied Network Security (“IANS,” “we,” “our” or
“us”). IANS Research is a clear-headed resource for decision
making and articulating risk. We provide experience-based security
insights for Chief Information Security Officers and their teams. The
core of our value comes from the IANS Faculty, a network of seasoned
practitioners. We support client decisions and executive communications
with Ask-an-Expert inquiries, our peer community, deployment-focused
reports, tools and templates, and consulting.
At IANS, we take your privacy seriously. We provide this Privacy Notice
(“Notice”) to tell you what information we collect about you, how
we obtain it, how we share it, and how you may limit the ways in which
we use your Personal Information. If you have questions about this
Notice after you review it, feel free to contact us at
privacy@iansresearch.com
2. Scope
This Notice governs
iansresearch.com, its subdomains, and all subdomains or portals that link to this
Notice (“Site”); or otherwise when you provide Personal
Information or interact with us online or in-person. This Notice also
applies to Personal Information that we may collect from you via phone
calls or other communications with our representatives or in any other
instance when you contact us. For the purpose of this Notice, "Personal Information" (also known as “personal data”) means any Personal Information
relating to an identified or identifiable individual that is protected
by applicable privacy laws. The definition of Personal Information does
not include publicly available information from federal, state, or local
government records, such as professional licenses and real estate or
property records.
We refer to all the above as our “Services.” Our Services are
used by prospective, current and past clients (“Clients”),
members of our faculty (“Faculty”), individuals who apply for
employment with us (“Job Applicants”) and individuals who visit
the Site (“Website Visitors”).
By using our Site or otherwise using our Services, you acknowledge this
Notice and agree to our
Terms of Service
(“Terms”).
3. What Information We Collect
As a rule, we limit the Personal Information we collect to that which is
adequate, relevant and reasonably necessary for us to provide our
Services to you.
Information That You Provide to Us
As you interact with our Site or Services, we only collect Personal
Information that is relevant and reasonably necessary for us to provide
our Services to you. This includes any information you provide:
- via webforms and uploads to our Site, including our surveys;
- when you attend our events; and
- through telephone calls, emails, and other communications with you.
Please do not provide any sensitive Personal Information in our
communications with you.
In the previous 12 months, we have collected the following Personal
Information:
Clients
- Contact information such as your first and last name, email address,
company, title, business address collection are required, with
optional voluntary telephone and mobile numbers collection.
- For corporate payment, we do not conduct credit or background history
reviews on our clients. We collect client payments via ACH (Automated
Clearing House), which involves direct bank-to-bank transfer and
banking information collection.
Faculty
- Contact information such as your first and last name, email address,
company, title, business and personal physical/mail address, telephone
numbers, mobile numbers.
- Financial information such as your bank account information.
- Audiovisual information such as a headshot or video.
- Employment history.
- Criminal background checks.
- Certifications and licensing checks.
Job Applicants
- Contact information such as your first and last name, user name, email
address, home or business address, shipping address, telephone
numbers, mobile numbers;
- Background checks;
- Employment history; and
- Certifications and licensing checks.
Website Visitors
- Contact information such as your first and last name, email address,
telephone numbers, mobile numbers, company and title.
Information Collected Automatically
Like many businesses, we and our service providers automatically collect
information about how and when you interact with our Site or Services
(“Usage Information”), including via cookies and other tracking
technologies (see Use of Cookies and Other Tracking Technologies section
below). This Usage Information may be stored on and/or accessed from
your device whenever you visit or interact with our Site. Usage
Information includes:
- Your IP address, IDFA, Android/Google Advertising ID, IMEI, or another
unique identifier;
- Your Device functionality (including browser, browser language,
settings and behavior, operating system, hardware, mobile network
information);
- Referring and exit web pages and URLs;
- The areas within the Site that you visit and your activities there,
including remembering you and your preferences;
- Your Device location or other location information, including the zip
code, state or country from which you accessed the Services;
- Your Device characteristics (such as device type (computer vs. mobile)
and ID, operating system, hardware);
- Certain other Device data, including the time of day you visit our
Site or other information used to provide analytics or other usage
information;
- Information about your engagement with our emails; and
- Statistical information about how both unregistered and registered
users, collectively, use the Site and Services.
- Location information, where you are using location-based services and
have enabled location features on your device.
We may also collect sensory data such as CCTV recordings from our
facilities or premises to protect the health and safety of our
employees, Customers, and guests, and to prevent, investigate, and
prosecute fraud and other criminal activities. We may record your voice
when you contact our customer service-related teams.
Information Collected from Third Parties
The Site includes functionality that allows certain kinds of
interactions between the Site and your account on a third-party website
or application. The use of this functionality may involve the
third-party site providing information to us.
IANS does not have control over the information that is collected, used,
and shared by these third parties. We encourage you to review the
privacy statements of these third parties to understand their privacy
practices.
4. Why We Collect Information
We use the information we collect about you in a variety of ways,
including the following:
To Provide Our Services
We process certain Personal Information when you access or use our
Services, including to:
- access the client portal;
- provide research and insights, as well as decision support;
- offer events and workshops;
- for our surveys, including our Benchmark and Staff surveys;
- provide consulting services;
- operate, maintain and improve the Site;
- enable you to access and use the Site;
- send you notices, updates, security alerts and support and other
messages;
- provide and deliver the Services and features you request, process and
complete transactions, and send you related information, including
purchase confirmations and invoices;
- process your purchases of, or requests for our Services;
- create and verify user accounts;
- facilitate the functionality of our Site; and
- customize experiences and personalization when you are on our Site.
To Communicate with You
We process certain information to communicate with you in relation to
your accounts, our services, our marketing, and your requests,
including:
- communicate with you about orders, purchases and our Services;
- respond to your customer service inquiries and requests for
information;
- send you personalized promotions, content, and special offers;
- provide important safety information.
For Improvement of Our Site or Services
We want to ensure that our Site and Services are continually improving
and expanding so that we meet and exceed your needs and expectations. To
do so, we may process certain Personal Information, including to:
- test, research, analyze, or develop new products and Services;
- maintain, improve, and analyze our Site or Services; and
- detect, prevent, or investigate suspicious activity or fraud.
To Comply with Applicable Laws
We may be required to process certain Personal Information under certain
laws and regulations, such as tax laws, as well as to:
- maintain appropriate records for internal administrative purposes; and
- comply with applicable legal and regulatory obligations, and respond
to lawful governmental requests, as needed.
To Enforce our Terms, Agreements, or Policies
To maintain a safe, secure, and trusted environment for you when you use
our Site and Services, we use your Personal Information to ensure our
terms, policies, and agreements with you and any third parties are
enforced.
With Your Consent
We process certain Personal Information to fulfill any other business or
commercial purposes at your direction or with your consent.
5. When We Disclose Information
To the extent permitted by law, certain Personal Information about you
may be disclosed in the following situations:
- Partners. We may share your information, including your
Personal Information, with our affiliates and business partners. For
instance, we may share Personal Information with co-sponsors of our
events. In addition, we may share the information we have collected
about you, including Personal Information, as disclosed at the time
you provide your information and as described in this Notice.
- Service providers. To provide information to our affiliates and
nonaffiliated third parties who perform services or functions for us
in conjunction with our services to you, but only if we have a
contractual agreement with the other party which prohibits them from
disclosing or using the information other than for the purposes for
which it was disclosed. Examples of such disclosures include using a
payment processor, or email marketing provider.
- Legal process. To comply with a validly issued and enforceable
subpoena or summons; as a part of any actual or threatened legal
proceedings or alternative dispute resolution proceedings either
initiated by or against us, provided we disclose only the information
necessary to file, pursue, or defend against the lawsuit and take
reasonable precautions to ensure that the information disclosed does
not become a matter of public record.
- Business transactions. In conjunction with a prospective
purchase, sale, or merger of all or part of our business, if we take
appropriate precautions (for example, through a written
confidentiality agreement) so the prospective purchaser or merger
partner does not disclose information obtained in the course of the
review.
Finally, we may aggregate, de-identify, and/or anonymize any information
collected through the Site or Services such that such information is no
longer linked to your Personal Information. We may use and share this
aggregated and anonymized information (non-Personal Information) for any
purpose, including without limitation, for research and marketing
purposes, and may also share such data with our affiliates and third
parties, including advertisers, promotional partners and others.
6. Retention of Personal Information
IANS will retain your Personal Information only for as long as is
necessary for the purposes set out in this Notice. We will retain and
use your Personal Information to the extent necessary to comply with our
legal obligations (for example, if we are required to retain your
Personal Information to comply with applicable laws), resolve disputes
and enforce our legal agreements and policies.
All information you provide to us is stored on our secure servers or
those of our third-party data storage providers.
We utilize the following criteria to determine the length of time for
which we retain Personal Information:
- How long we have had a relationship with you or provided our Services
to you
- The business purposes for which the information is used, and the
length of time for which the information is required to achieve those
purposes;
- Whether we are required to retain the information, or the information
is otherwise necessary, in order to: comply with legal obligations or
contractual commitments: defend against potential legal claims: detect
or prevent potential illegal activity or actions in violation of our
policies and procedures; secure our systems and online environment; or
protect health and safety;
- The privacy impact on individuals of ongoing retention; and
- The manner in which information is maintained and flows through our
systems, and how best to manage the lifecycle of information in light
of the volume and complexity of the systems in our infrastructure.
7. Your Choices About the Information We Collect
Communications Preferences
We prefer to keep your Personal Information accurate and up to date. If
you would like to change your contact information, please contact us
using the information in the Contact Us section belo
whttps://redirect.viglink.com/. We will make good faith efforts to make requested changes in our then
active databases as soon as reasonably practicable (but we may retain
prior information as business records).
You can opt out of receiving marketing emails from us at any time. You
will still receive transactional messages from us. To manage your email
preferences with us, please click on the Unsubscribe link in any email
you receive from us or contact us using the information in the Contact
Us section below. Your choice will not affect our ability to share
information in the other ways described in this Notice.
Do Not Track
Do Not Track (“DNT”) is a web browser setting that requests that
a web application disable its tracking of an individual user. When you
choose to turn on the DNT setting in your browser, your browser sends a
special signal to websites, analytics companies, ad networks, plug in
providers, and other web services you encounter while browsing to stop
tracking your activity. Various third parties are developing or have
developed signals or other mechanisms for the expression of consumer
choice regarding the collection of information about an individual
consumer’s online activities over time and across third-party websites
or online services (e.g., browser do not track signals), but there is no
universally agreed upon standard for what an organization should do when
it detects a DNT signal. Currently, we do not monitor or take any action
with respect to these signals or other mechanisms. You can learn more
about Do Not Track
here.
8. Children’s Privacy
Our Site is not intended for use by children under the age of 18.
However, it is possible that our Customers may process the Personal
Information of minors. We do not request, or knowingly collect, any
Personal Information from children under the age of 18. If you are the
parent or guardian of a child under 18 who you believe has provided her
or his information to us, please contact us using the information in the
Contact Us section below to request the deletion of that information.
9. Visitors to the Site Outside of the United States
If you are visiting the Site from a location outside of the U.S., your
connection will be through and to servers located in the U.S. All
information you receive from the Site will be created on servers located
in the U.S., and all information you provide will be maintained on web
servers and systems located within the U.S. The data protection laws in
the United States may differ from those of the country in which you are
located, and your information may be subject to access requests from
governments, courts, or law enforcement in the United States according
to laws of the United States. By using the Site or providing us with any
information, you consent to the transfer to, and processing, usage,
sharing and storage of your information in the United States and in
other countries, as set forth in this Notice.
10. Link
For your convenience, the Site and this Notice may contain links to
other websites. IANS is not responsible for the privacy practices,
advertising, products, services, or the content of such other websites.
None of the links on the Site should be deemed to imply that IANS
endorses or has any affiliation with the links.
11. Security
We incorporate commercially reasonable safeguards to help protect and
secure your Personal Information. However, no data transmission over the
Internet, mobile networks, wireless transmission, or electronic storage
of information can be guaranteed 100% secure. As a result, we cannot
guarantee or warrant the security of any information you transmit to or
from the Site, and you provide us with your information at your own
risk.
12. Your California Privacy Rights
This section of the Notice applies solely to California residents. We
adopt this Section to comply with the California Consumer Privacy Act of
2018 (“CCPA”) as amended by the California Privacy Rights Act
(“CPRA”). Any terms defined in the CCPA or CPRA have the same
meaning when used in this Section.
California residents have the following rights:
- To know the categories of Personal Information being collected about
you, the purposes for which the categories of Personal Information are
collected or used, and whether that information is sold or shared;
- To know the length of time we intend to retain each category of
Personal Information;
- To know whether your Personal Information is sold or disclosed and to
whom;
- To access your Personal Information;
- To delete the Personal Information you have provided to us, with
certain exceptions;
- To correct your Personal Information;
- To opt out of the sale of Personal Information
(IANS does not sell any user information);
- To know if Sensitive Personal Information (“SPI”) is being
collected about you, the categories of SPI being collected, the
purposes for which the categories of SPI are collected or used, and
whether the SPI is sold or shared;
- To limit the use of your SPI if it is used for cross-contextual
behavioral advertising or for the purposes of inferring
characteristics about you; and
- Not to be discriminated against, even if you exercise your privacy
rights.
Request for Information, Correction, or Deletion
California residents have the right to request, under certain
circumstances, that a business that collects Personal Information about
them disclose the information listed below for the preceding 12 months:
- The categories of Personal Information collected about you;
- The categories of sources from which the Personal Information is
collected;
- The business or commercial purpose for collecting, selling or sharing
Personal Information;
- The categories of third parties to whom the business discloses
Personal Information; and
- The specific pieces of Personal Information collected about you.
Please note that if we collected information about you for a single
one-time transaction and do not keep that information in the ordinary
course of business, that information will not be retained for purposes
of a request under this section. In addition, if we have de-identified
or anonymized data about you, we are not required to re-identify or
otherwise link your identity to that data if it is not otherwise
maintained that way in our records.
You can also request that we correct or delete your Personal
Information. There may be certain exceptions to our obligation to
correct or delete your information such as if you have an existing
account or transaction with us or if we have a legitimate business
reason to keep your information.
Personal Information Collected
We have collected the following categories of Personal Information from
consumers within the last twelve (12) months:
| Category of Personal Information
| Examples of this Category | Sources of Personal Information | Business Purpose for Collection |
|---|
| Identifiers
| Real name, alias, postal address, unique personal identifier,
online identifier, Internal Protocol address, email address,
account name, social security number, driver’s license number,
passport number or other similar identifiers
| You Automatically Third Parties | To provide, improve and market our Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
| Personal information described in California Civ. Code §
1798.80(e)
| Name, signature, social security number, physical characteristics
or description, address, telephone number, passport number,
driver’s license or state identification card number, insurance
policy number, education, employment, employment history, bank
account number, credit card number, debit card number, or any
other financial information, medical information, or health
insurance information.
| You Automatically Third Parties | To provide, improve and market our Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
| Characteristics of protected classifications under California
or federal law
| Age (40 years or older), race, color, ancestry, national origin,
citizenship, religion or credit, marital status, medical condition
(AIDS/HIV status, cancer), physical or mental disability, sex
(including gender, gender identity, gender expression, pregnancy
or childbirth and related medical conditions), sexual orientation,
veteran or military status, genetic information (including
familial genetic information), political activities or
affiliations, familial status, source of income status, status as
a victim of domestic violence, assault, or stalking.
| You | To provide, improve and market our Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
| Commercial information
| Records of personal property, products or services purchased,
obtained, or considered, or other purchasing or consuming
histories or tendencies.
| You Automatically | To provide, improve and market our Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
| Biometric information
| An individual’s genetic, physiological, biological or behavioral
characteristics, including information pertaining to an
individual’s deoxyribonucleic acid (DNA) or activity patterns that
can be used to establish individual identity.
| You (Employees only) | To provide information you requested To verify identity To prevent fraud To comply with law |
| Internet or other electronic network activity information
| Browsing history, search history, and information regarding a
consumer’s interaction with an Internet Website, application, or
advertisement.
| Automatically | To provide, improve and market our Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
| Geolocation data
| Physical location and/or movements.
| N/A | N/A |
| Sensory data
| Audio, electronic, visual, thermal, olfactory, or similar
information.
| You Automatically | To provide, improve and market our Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
| Professional or employment related information
| Current or past job history or performance evaluations
| You (for Faculty and Job Applicants) | To provide, improve and market our Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
| Non-public education information (per the Family Educational
Rights and Privacy Act – 20 U.S.C. § 1232g, 34 CFR Part 99)
| Education records directly related to a student maintained by an
educational institution or party acting on its behalf, such as
grades, transcripts, class lists, student schedules, student
identification codes, student financial information, or student
disciplinary records.
| N/A | N/A |
| Inferences drawn from other Personal Information
| Information used to create a profile about a person reflecting the
person’s preferences, characteristics, psychological trends,
predispositions, behavior, attitudes, intelligence, abilities, and
aptitudes.
| You Automatically Third Parties | To provide, improve and market our Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
| Sensitive Personal Information
| Social security number, driver’s license number, account log-in,
debit, or credit card number in combination with password or PIN,
precise geolocation (less than 1850 sf radius), racial/ethnic
origins, religious or philosophical beliefs, union membership,
contents of e-mails or texts to others, genetic/biometric data,
health information, sex life/sexual orientation data
| You | To provide, improve and market our Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
Information related to how long we retain each category of Personal
Information is included in the Retention of Personal Information section
above.
Personal Information Sold or Shared
We do not sell Personal Information, but we recognize that some privacy
laws define “Personal Information” in such a way that making available
identifiers linked to you for a benefit may be considered a “sale” or
“sharing” of that information. In the last twelve (12) months, we have
shared to third parties the following Categories of Personal
Information:
| Category of Personal Information | Recipient Categories | Purpose for Sale/Sharing |
|---|
| Identifiers
| Advertising, marketing, and analytics providers
| Marketing and analytics
|
| Internet or other electronic network activity information
| Advertising, marketing, and analytics providers
| Marketing and analytics
|
We do not have actual knowledge that we sell or share the Personal
Information of consumers under 16 years of age.
Personal Information Disclosed for Business Purposes
We have disclosed the following categories of Personal Information for
business purposes in the last twelve (12) months:
| Category of Personal Information | Recipient Categories | Business Purpose for Disclosure |
|---|
| Identifiers
| Service Providers
| Helping to ensure the security and integrity of Personal
Information
Performing services on behalf of the business Activities to verify or maintain the quality of, improve,
upgrade, and/or enhance of our Services
|
| Personal information described in California Civ. Code §
1798.80(e)
| Service Providers
| Helping to ensure the security and integrity of Personal
Information
Performing services on behalf of the business Activities to verify or maintain the quality of, improve,
upgrade, and/or enhance of our Services
|
| Commercial information
| Service Providers
| Helping to ensure the security and integrity of Personal
Information
Performing services on behalf of the business Activities to verify or maintain the quality of, improve,
upgrade, and/or enhance of our Services
|
| Internet or other electronic network activity information
| Service Providers
| Helping to ensure the security and integrity of Personal
Information
Performing services on behalf of the business Activities to verify or maintain the quality of, improve,
upgrade, and/or enhance of our Services
|
| Sensory data
| Service Providers
| Helping to ensure the security and integrity of Personal
Information
Performing services on behalf of the business Activities to verify or maintain the quality of, improve,
upgrade, and/or enhance of our Services
|
| Professional or employment-related information
| Service Providers
| Helping to ensure the security and integrity of Personal
Information
Performing services on behalf of the business Activities to verify or maintain the quality of, improve,
upgrade, and/or enhance of our Services
|
| Inferences drawn from other Personal Information
| Service Providers
| Helping to ensure the security and integrity of Personal
Information
Performing services on behalf of the business Activities to verify or maintain the quality of, improve,
upgrade, and/or enhance of our Services
|
| Sensitive Personal Information
| Service Providers
| Helping to ensure the security and integrity of Personal
Information
Performing services on behalf of the business Activities to verify or maintain the quality of, improve,
upgrade, and/or enhance of our Services
|
Do Not Sell My Personal Information
As a California resident, you also have the right, at any time, to tell
us not to sell Personal Information – this is called the “right to
opt-out” of the sale of Personal Information. To opt-out of this, please
contact us at
privacy@iansresearch.com.
Right to Limit Use of Sensitive Personal Information
California residents have the right to limit the use of each type of
Sensitive Personal Information for each purpose with each type of
third-party partner. Please note that we only keep your Sensitive
Personal Information for a limited time, and only for the transaction
for which it is required.
Currently, we do not provide your Sensitive Personal Information to
any third parties other than those service providers that are
necessary for us to provide our Services to you.
Right Not to Be Discriminated Against
We will not discriminate against you for exercising any of your rights
under the CCPA. Unless permitted by California law, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including
through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or
services or a different level or quality of goods or services.
Third Party Marketing (“Shine The Light Act”)
California Civil Code Section 1798.83 permits our users who are
California residents to request and obtain from us a list of what
Personal Information (if any) we disclosed to third parties for their
own direct marketing purposes in the preceding calendar year and the
names and addresses of those third parties.
We do not disclose Personal Information protected under this section
to third parties for their own direct marketing purposes.
Exercising Your California Privacy Rights
You or your authorized agent may make a request to access, correct,
delete, opt-out of the sale of your Personal Information by contacting
us using the information in the Contact Us section below.
If you use an authorized agent to submit your request, we may require
proof of the written authorization you have given. We also may require
you to confirm your identity and your residency to obtain the
information, and you are only entitled to make this request twice in a
12-month period. For emails, please include “California Privacy Rights”
as the subject line. You must include your full name, email address, and
attest to the fact that you are a California resident. We will
acknowledge your request within 10 days and respond to your request
within 45 days or let you know if we need additional time. If you make
this request by telephone, we may also ask you to provide the request in
writing so that we may verify your identity. If we are unable to honor
your request for any reason, we will notify you of the reason within the
request time period.
13. Your Privacy Rights under Other US State Laws
If you live in certain other U.S. states, such as Colorado, Connecticut,
Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, Nevada, New
Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, you
may have rights under applicable privacy laws once those laws have
become effective.
Based on the applicable law in the state where you live, you may have
the following rights with respect to your Personal Information:
- To confirm whether or not a controller is processing your personal
data and to access such personal data;
- To know the categories of Personal Information we collect about you,
the purposes for the collection, how long we retain your Personal
Information, and whether that information is sold or shared or
disclosed and to whom;
- To correct inaccuracies in your personal data;
- To delete your personal data;
- To obtain a copy of your personal data that you previously provided to
us in a portable, and if technically feasible, readily usable format,
if processing is carried out by automated means;
- To opt out of the processing of your personal data for purposes of (i)
targeted advertising, (ii) the sale of personal data, or (iii)
profiling in furtherance of decisions that produce legal or similarly
significant effects concerning the consumer.
To exercise any of these rights, you may make a request to confirm,
access, correct, delete, obtain a copy, or opt-out of the processing of
your personal data for targeting advertising, sale, or profiling by
using the information in the Contact Us section below. Please include
your state of residence.
We may require you to confirm your identity and your residency in order
to obtain the information, and you are only entitled to make this
request up to twice annually. For emails, please include “Privacy
Rights” as the subject line. You must include your full name, email
address, and attest to the state in which you are a resident.
We will process your request within 45 days or let you know if we need
additional time or cannot process your request. If you make this request
by telephone, we may also ask you to provide the request in writing so
that we may verify your identity. If we are unable to honor your request
for any reason, we will notify you of the reason within the request time
period.
Right to Opt-Out of Communications and Services
You may have the right to opt out of the processing of your personal
data for the purposes of targeted advertising, communications, the sale
of personal data , and profiling in furtherance of decisions that
produce legal or similarly significant effects. To exercise your rights,
please click on:
- Bottom of our email compunctions via a link to manage your
communication preferences.
- For IANS clients, visit the Notification Preferences page under “My
Account”.
- Contact your account managers regarding any specific product features
you wish to opt out of.
Opt-Out Preference Signals
Some browsers and browser extensions support opt-out preference signals
such as the Global Privacy Control (“GPC”) that can send a signal
to the websites you visit indicating your choice to opt-out from certain
types of data processing, including data sales. GPC is a web
browser-level setting, maintained by either a browser or a browser
extension, that a user or privacy-focused technology can set. In certain
regions, when we detect such a signal, we will make reasonable efforts
to respect your choices as required by applicable law.
Appeals of Our Decisions
In some jurisdictions, you may appeal to us if we refuse to take action
on your exercise of certain choices described above. In order to appeal
such a refusal, please contact us using the information in the Contact
Us section below with the subject line “Appeal of Refusal to Take Action
on Privacy Request” and provide the relevant information in the email.
If we decline to take action on any request you make, we will provide
you with the information required by the applicable law where you live.
This may include an explanation of why we declined your request,
information on how to appeal our decision, and/or how to make a
complaint to your state Attorney General.
14. Your Rights Under the General Data Protection Regulation
This section of the Notice applies if you are a data subject who resides
or is located in the European Economic Area (“EEA”). We adopt
this section to comply with European privacy laws, including the General
Data Protection Regulation (“GDPR”). Any terms defined in the
GDPR have the same meaning when used in this section.
Under applicable law, we are considered the “data controller” of the
Personal Information we handle under this Notice. In other words, we are
responsible for deciding how to collect, use and disclose this
information, subject to applicable law.
We want to ensure that the Personal Information we possess is always
accurate and therefore we encourage you to update your information in
your own account in case any changes have occurred. We have listed below
the rights that you may be able to exercise in respect of the processing
of your Personal Information, subject to applicable law. We take
reasonable steps to ensure that the Personal Information that we process
is limited to the Personal Information that are required in connection
with the purposes set out in this Notice.
If you are a resident of or located within the EEA, you have certain
data protection rights. These rights include:
- The right to access, update or delete the information we have
collected from you.
- The right of rectification. You have the right to have your
information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of
your Personal Information.
- The right of restriction. You have the right to request that we
restrict the processing of your Personal Information.
- The right to data portability. You have the right to be provided with
a copy of the information we have on you in a structured,
machine-readable, and commonly used format.
- The right to withdraw consent. You also have the right to withdraw
your consent at any time where we relied on your consent to process
your Personal Information.
Legal Basis for Processing Personal Information
We rely on the following legal bases for processing your Personal
Information:
- Contract: To conclude or perform a contract with you; for
example:
- To provide other Services;
- To manage our accounts and records;
- To handle your inquiries and requests;
- When you apply for employment through our Site, processing of your
contact details and data about your employment history and
education (as needed to evaluate your job application, to conduct
job interviews, and as is otherwise needed for recruitment) is
necessary to respond to your request to process your application
for employment. If you do not provide this data, we will not be
able to process the application that you send through our Site.
- Legitimate Interests: When we process your Personal Information
for our legitimate interests, we make sure to consider and balance any
potential impact on you and your rights under data protection laws.
Our legitimate business interests do not automatically override your
interests – we will not use your Personal Information for activities
where our interests are overridden by the impact on you unless we have
your consent or those activities are otherwise required or permitted
to by law. You have the right to object to processing that is based on
our legitimate interests, as further described below. Examples of
legitimate interests include:
- To respond to your customer service inquiries and requests for
information;
- To maintain, improve, and analyze our Site and Services we offer;
- To conduct marketing activities;
- To detect, prevent, or investigate security breaches or fraud; and
- To facilitate the functionality of our Site;
- Legal Compliance: To comply with our legal obligations; for
example:
- To maintain appropriate records for internal administrative
purposes and as required by applicable law, and
- To provide important safety information.
- Consent: We will send you information by email on our Services
or other promotions only with your consent or if you otherwise opt-in
to receive those communications. If you do not provide us with your
consent to the processing of your Personal Information for this
purpose, we will not send you this information. You have the right to
withdraw your consent at any time as described below.
How to Exercise Your Rights Under the GDPR
If applicable, you may exercise any of your rights under the GDPR by
submitting a verifiable data subject request to us by using the contact
details below. You may make a request related to your Personal
Information or on behalf of someone for which you have authorization.
You must include your full name, email address, and attest to the fact
that you are a citizen or resident of the EEA by including your country
of citizenship or residence in your request. We may require you to
confirm your identity and/or legal standing for the request as well as
your residency in the EEA to obtain the information. We will respond to
your request within 30 days or let you know if we need additional time.
Please note that we will ask you to verify your identity before
responding to such requests, and we may deny your request if we are
unable to verify your identity or authority to make the request.
Should you wish to raise a concern about our use of your data (and
without prejudice to any other rights you may have), you have the right
to do so with your local supervisory authority; however, we hope that we
can assist with any queries or concerns you may have about our use of
your Personal Information first by contacting us as via
[online GDPR and Privacy webform with the following]
Name:
Email:
Address:
Phone:
Concern:
Local data representative
15. Your Rights Under the UK GDPR
If you are based in the United Kingdom, the following provisions also
apply:
If we share your personal data within IANS or with third parties located
outside the United Kingdom, we take steps to ensure that appropriate
safeguards are in place to guarantee the continued protection of your
personal data, such as by entering into the UK International Data
Transfer Agreement or the International Data Transfer Addendum to the
European Commission’s Standard Contractual Clauses, adopted by the UK
Government under section 119A of the Data Protection Act 2018.
You have the same data subject rights as those for the EU listed above,
except that references to the "GDPR" should be read as references to the
"UK GDPR" and complaints should be filed with the UK supervisory
authority, the Information Commissioner’s Office.
16. Changes to This Privacy Notice
We may change this Privacy Notice at any time. We will post all changes
to this Notice on this page and will indicate at the top of the page the
modified notice’s effective date. We therefore encourage you to refer to
this page on an ongoing basis so that you are aware of our current
privacy notice. If required by applicable law, we will notify you of
changes.
By continuing to use the Site or Services or providing us with
information following such a replacement Notice being uploaded, you
agree that you will be bound by the Privacy Notice as changed.