Last Updated: March 20, 2020
For purposes of privacy laws applicable in the United Kingdom (“UK”), including the General Data Protection Regulation (the “GDPR”) and the UK Data Protection Act 2018, the “data controller” is iContracts (please see Section 12 for contact information). Please note, however, that as a service provider, we primarily use Personal Information on behalf of and at the direction of our customers (e.g., your employer). Where we process Personal Information under the instructions of our customers, our customers are the “data controllers,” and their privacy policies and procedures shall apply.
- Types of Personal Information We Collect and Use
- How We Use Personal Information
- Disclosure of Personal Information
- How We Protect the Confidentiality of Personal Information
- Your Privacy Rights
- Opting Out of Communications
- Personal Data Transferred from the EU or UK to The United States
- Retention of Personal Information
- Other Websites and Services
- Children’s Privacy
- How to Contact Us
“Personal Information” is information that relates to an identified or identifiable individual. This section describes the Personal Information collected by us through the Service and the sources from which we collect Personal Information.
- Information that You or Your Employer Provides Us
To establish a user account, we collect your name, email address, job title, and account credentials.
In addition, we may request other information about you through forms on the Service. For example, to help identify the policies most relevant to you, we ask for your office location. The exact information we need to collect will depend on the purpose of the form. We will indicate on each form whether a field is required.
- Information We Receive from Your Use of the Service
We collect the following types of information automatically through your use of the Service:
- Cookies, Device Identifiers, and Similar technologies
We use Google Analytics as one analytics service to help us analyze the traffic on the Service. For more information on Google Analytics’ processing of Personal Information, please see “How Google uses data when you use our partners’ sites or apps.”
We do not include any features on the Service that allow a third party to track you, in personally identifiable form, over time and across third party sites. We do not respond to Do Not Track signals sent to us by your browser at this time.
- Log File Information
When you use the Service, our servers automatically record information, including your Internet Protocol address (“IP Address”), browser type, referring URLs (e.g., the site you visited before coming to our Service), number of clicks, and how you interact with links on the Service, domain names associated with your internet service provider, pages viewed, and other such information (collectively, “Log File Information”). We use Log File Information collected from our implementation of the Service to identify potential threats and vulnerabilities, and in analyzing the effectiveness of our Service to improve the Service’s function and content.
We use your Personal Information where it is required by law, to perform our obligations under an agreement with you, or to pursue our or our customers’ legitimate interests, including:
- Enabling secure use of the Service;
- Administering our customer accounts, including billing and support;
- Providing, analyzing, administering, supporting, and improving the Service; and
- Protecting our rights or our property, including the exercise or defense of legal claims.
This section describes to whom we disclose Personal Information, and for what purposes:
- Affiliated Entities. We share Personal Information with affiliated entities for the purposes described in Section 2, “How We Use Personal Information.”
- Our Service Providers. We employ service providers to perform tasks on our behalf and to assist us in providing the Service, such as hosting and infrastructure providers and analytics services. When we use third party service providers, we only disclose to them any Personal Information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
- Companies Involved in Mergers and Acquisitions Transactions. If we sell or otherwise transfer part or the whole of our business or our assets to another organization (g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, or liquidation), any information collected through the Service, including Personal Information, may be among the items sold or transferred.
- Law Enforcement, Government Agencies, and Courts: We may disclose Personal Information at the request of law enforcement or government agencies or in response to subpoenas, court orders, or other legal process to establish, protect, or exercise our rights or to defend against a legal claim or as otherwise required or allowed by law, or to protect the rights, property, or safety of any other person. We may also disclose Personal Information to investigate or prevent a violation by you of any contractual or other relationship with us or your illegal or harmful activity.
You may contact us if you would like to opt-out of Personal Information (i) being disclosed to a third party (except for service providers who perform task(s) on behalf of and under our instructions); or (ii) being used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. We will promptly review all such requests in accordance with applicable laws.
We use commercially reasonable safeguards to help keep the information collected through the Service secure. Despite these efforts to store Personal Information in a secure operating environment that is not available to the public, we cannot guarantee the security of Personal Information during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of Personal Information, we cannot guarantee that our security measures will prevent third parties such as hackers from illegally obtaining access to Personal Information. We do not represent or warrant that Personal Information about you will be protected against, loss, misuse, or alteration by third parties.
Depending on where you are located, you have may the right to access, amend, delete, export, or object to or restrict the processing of, certain categories of Personal Information. If you would like to exercise the above rights you may submit a request to email@example.com. We will promptly review all such requests in accordance with applicable laws. Where we process Personal Information on behalf of one of our customers (e.g., your employer), we may redirect your request to such customer.
Depending on where you are located, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning your Personal Information. Before you do so, we encourage you to first reach out to us, so we have an opportunity to address your concerns directly.
We send notifications or other information via email (“Communications”). You may choose to stop receiving Communications by following the unsubscribe instructions in any Communication you receive. Please note that certain Service-related Communications are necessary for the proper functioning and use of the Service and you may not have the ability to opt out of those Communications.
iContracts has committed to refer unresolved privacy complaints under the EU-US to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. In cases of onward transfer to third parties of data of EU or UK individuals received pursuant to the Privacy Shield, iContracts is potentially liable.
The length of time we retain Personal Information is determined by a number of factors, including the purpose for which we use that information and our obligations under applicable laws. We do not retain Personal Information in an identifiable format for longer than is necessary.
We may need your Personal Information to establish, bring or defend legal claims.
The only exceptions to this are where:
- the law requires us to retain Personal Information for a longer period, or delete it sooner;
- you exercise your right to have the information erased (where it applies) and we do not need to retain it in connection with any of the reasons permitted or required under the law; or
- in limited cases, the law permits us to keep your Personal Information indefinitely provided we put certain protections in place.
We are not responsible for the practices employed by any websites or services linked to or from our Service, including the information or content contained within them. We encourage you to investigate and ask questions before disclosing your Personal Information to third parties.
We do not knowingly collect or solicit any Personal Information from children. In the event that we learn that we have collected Personal Information from a child without parental consent, we will promptly take steps to delete that information.
Our representative in the UK, as required by the GDPR, can be contacted at:
C/O Data Protection Officer
Swan Court, 11 Worple Road
+44 208 971 1971