This Statement was last updated in June 2020
This intY Privacy Statement describes our privacy practices. Please read this Privacy Statement carefully to learn how we collect, use, share and otherwise process your personal data, and your rights and choices regarding our processing of your personal data.
A reference to “intY,” “we,” “us,” “our” in this Privacy Statement is a reference to intY Limited.
1. Processing activities covered
This Privacy Statement aims to give you information on how intY collects and
processes your personal data, including when you:
- visit or use our websites which display or link through to this Privacy Statement (including when you provide any data through our websites);
- purchase any of our products and/or services;
- contact us or request information, support or communications from us, including by phone, email, text or fax; and
- register for and/or attend any of our events or webinars.
2. Responsible entity
intY Limited is the controller of your personal data and is responsible for the collection and processing of your personal data as described in this Privacy Statement, unless expressly specified otherwise.
3. What personal data do we collect?
- Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (known as “anonymous data”).
3.1 Personal data we collect directly from you
- We may collect, use, store or transfer personal data directly from you in the following ways:
- if you express an interest in obtaining additional information about our services, request customer support, use our “Contact Us” or similar features, register to use our websites, sign up for an event or webinar, or download certain content, we generally require you to provide us with your contact information, such as your name, job title, company name, address, phone number or email address;
- if you apply for or make purchases via our websites or otherwise, or register for an event, we may also require you to provide us with financial information and billing information, such as billing name and address, credit card number, or bank account information;
- if you attend one of our events or webinars, we may, upon your consent, scan your attendee badge which will provide us with your name, title and company name, address, country, phone number and email address;
- if you use and interact with our websites, we automatically collect log files and other information about your device and your usage of our websites through cookies, web beacons or similar technologies, such as IP-addresses or other identifiers, which may qualify as personal data (please see section 4 (“What device and usage data we process”) below for further information); and
- if you contact us via telephone we may record and store the details of any such calls.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your heath, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
3.2 Personal data we collect from other sources
We may collect information about you from other sources, including our partners, sub-contractors, resellers, agents, product vendors, analytics providers, search information providers, credit reference agencies and other third parties, and we may combine this information with personal data provided by you. This helps us to update, expand and analyse our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. In particular, we may collect the following personal data from the following sources:
- business contact information including but not limited to mailing addresses, job titles, email addresses and phone numbers; and
- ‘intent data’ which is web user behaviour data, IP addresses, social handles, LinkedIn URL and custom profiles from third party data providers for the purposes of targeted advertising, delivering relevant email content, event promotion and profiling.
4. What device and usage data we collect
We use common information-gathering tools, such as log files, cookies, web beacons and similar technologies to automatically collect information, which may contain personal data, from your computer or mobile device as you navigate our websites or interact with emails we have sent you.
4.1 Log Files
We may collect certain information automatically via log files. This collected information may include your Internet Protocol (IP) address (or proxy server), device and application identification numbers, your location, your browser type, your Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyse overall trends, to help us provide and improve our websites and to guarantee their security and continued proper functioning. We may also collect IP addresses from users when they log into the services as part of our security features.
4.2 Service Usage Information
We collect information and statistics from our vendors detailing the usage of the services purchased through intY. Where user level information is collected, this data is anonymised so that no personally identifiable information is collected (“Aggregated
Data”). Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this Privacy Statement. We use Aggregated Data to provide recommendations and insights into the usage of our services to our customers and partners through our CASCADE service.
Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved. Some cookies may last for a defined period of time, such as one day or until you close your browser. Others may last indefinitely.
They are placed by software that operates on our servers, and by software operated by third parties whose services we use.
- to track how you use our websites;
- to record whether you have seen specific messages we display on our websites; and
- to keep you signed into our site.
4.4 Notices on behavioural advertising and opt out
As described above, we or third parties may place or recognise a unique cookie on your browser when you visit our websites for the purposes of serving you targeted advertising (also referred to as “online behavioural advertising” or “interest-based advertising”). To learn more about targeted advertising, advertising networks and your ability to opt out of collection by certain third parties, please visit the opt-out pages of the Network Advertising Initiative here, and the Digital Advertising Alliance here.
4.5 Social Media Features
Our websites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third party social media network in order to share with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our website. To the extent the Social Media Features are hosted by the respective social media networks, the latter may receive information that you have visited our website from your IP address. If you are logged into your social media account, it is possible that the respective social media network can link your visit of our websites with your social media profile.
Your interactions with Social Media Features are also governed by the privacy policies of the companies providing the relevant Social Media Features and we encourage you to read these.
5. Purposes for which we process Personal Data and the legal bases on which we rely
We will only use your personal data when the law allows us to do so. Most commonly we will use your personal data in the following circumstances:
- Where you have consented before the processing.
- Where we need to perform a contract we are about to enter or have entered with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
We collect and process your personal data for the purposes and on the legal bases identified below:
- Promoting security of our websites: We will process your personal data by tracking use of our websites, creating and collecting Aggregated Data, verifying accounts and activity, investigating suspicious activity, as well as violations of and enforcement of our terms and policies, to the extent this is necessary for the purpose of our legitimate interests in promoting the safety and security of the systems and application used for our websites, and protecting our rights and the rights of others.
- Managing user registrations: We will process your personal data by managing your user account for the purpose of performing the contract with you according to any applicable terms of service.
- Handling contact and user support requests: If you fill out a “Contact us” web form, request user support, or if you contact us by other means, we will process your personal data for the performance of our contract with you and to the extent it is necessary for the purpose of our legitimate interests to fulfil your request and communicate with you. If you contact us by telephone, we may record and store any such calls. These may be processed for the purpose of our legitimate interest to provide training and feedback to our employees and may be used to help resolve any disputes between you and intY.
- Managing event registrations and attendance: We will process your personal data to plan and host the relevant event or webinar, including related communication with you, on the basis of the performance of our contract with you.
- Managing payments: If you have provided financial information, we will process your respective personal data to check the financial qualifications and collect payments to the extent this is necessary for completing any transaction with you under the contract entered into with you.
- Developing and improving our websites: We will process your personal data to analyse trends, track your usage of our websites and interactions with emails to the extent this is necessary for our legitimate interests to develop and improve our websites and to provide our users with more relevant and interesting content.
- Displaying personalised advertisements and content: We will process your personal data to conduct marketing research, advertise to you, provide personalised information about us on and our websites, and other personalised content based upon your activities and interests to the extent it is necessary for our legitimate interests to advertise our websites or, where necessary, to the extent you have provided your prior separate consent (please also view “Your rights relating to your personal data” below to learn how you can control how your personal data is processed by intY for marketing purposes).
- Sending marketing communications: We will process your personal data to send you marketing information, product recommendations and other non- transactional communications about us and our affiliates and partners, including information about our products, promotions or events as necessary for our legitimate interests to conduct direct marketing or to the extent you have provided your prior separate consent (please also see section 10 (“Your rights relating to your personal data”) below to learn how you can control how your personal data is processed by intY for marketing purposes).
- Complying with legal obligations: We will process your personal data when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal data to protect our rights, and is necessary for our legitimate interests to protect against misuse or abuse of our websites, to protect personal property or safety, to pursue remedies available to us and limit our damages, to comply with a judicial proceedings, court order or legal process, and/or to respond to lawful requests.
Where we need to collect and process personal data by law, or under the terms of a contract we have entered into with you and you fail to provide that required personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
6. Who do we share Personal Data with?
We may share your personal data with the following recipients for the purposes identified in section 5 (“Purposes for which we process personal data and the legal basis on which we rely”) above:
- other companies in the intY Limited group of companies;
- third party service providers, whose products and services you purchase through our CASCADE service;
- our contracted service providers who provide services such as IT and system administration and hosting, card payment processing, research and analytics, marketing, customer support and data enrichment;
- third–party social networks, advertising networks and websites, which usually act as separate controllers, so that intY can market and advertise on third party platforms and websites;
- professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in countries in which we operate who provide consultancy, banking, legal, insurance and accounting services;
- HM Revenue and Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances; and if we are involved in a merger or reorganisation, sell a website or business unit, or if all or a portion of our business, assets or stock are acquired by another company, we may transfer some or all of your personal data to such third party.
If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Statement.
7. International transfer of information collected
Your personal data may be collected, transferred to and stored by us in the United Kingdom, Europe, the United States and other countries for the purposes identified in section 5 (“Purposes for which we process personal data and the legal basis on which we rely”) above.
Therefore, your personal data may be processed outside the European Economic Area (“EEA”), and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection in the EEA. In this event, we will ensure that a similar degree of protection is afforded to your personal data. For instance, we may enter into standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR) with the recipient, or we will ask you for your prior explicit consent to such international data transfers.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside of the EEA.
Our websites, products and services are not directed at children. We do not knowingly collect personal data from children.
9. How long do we keep your Personal Data?
We will only retain your personal data for as long as reasonably necessary to fulfil the original purpose of collection (please see section 5 (“Purposes for which we process personal data and the legal basis on which we rely”) above), including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event there is a prospect of litigation in respect to our relationship with you.
We determine the appropriate retention period for personal data on the basis of the amount, nature, and sensitivity of your personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, and whether we can achieve the purposes of the processing through other means, and the applicable legal requirements, regulatory, tax, accounting or other requirements.
After expiry of the retention periods, your personal data will be deleted. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of the data.
10. Your rights relating to your Personal Data
10.1 Your legal rights
Under certain circumstances you have certain rights regarding your personal data under data protection laws. These may include the following rights:
- to request access to your personal data held by us which enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it (right to access);
- to rectify incomplete or inaccurate personal data and ensure it is correct, although we may need to verify the accuracy of any new data you provide to us (right to rectification);
- to erase/delete or remove your personal data to the extent permitted by other legal obligations where there is no good reason for us continuing to process it (right to erasure; right to be forgotten);
- to restrict our processing of your personal data, which enables you to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the personal data’s accuracy;
- where our use of the personal data is unlawful but you do not want us to erase it;
- where you need us to hold the personal data even if we no longer require it, as you need it to establish, exercise or defend legal claims; or
- if you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it (right to restrict processing);
- to transfer your personal data to you or to a third party, which will be provided in a structured, commonly used, machine-readable format. However, please note this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you (right to data portability);
- to object to any processing of your personal data carried out on the basis of our legitimate interests where there is something about your particular situation which makes you want to object on processing on this ground, as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. Where we process your personal data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you also have the right to object at any time to such processing without having to provide any specific reason for such objection (right to object);
- not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making“); Automated Decision-Making currently does not take place on our websites (rights related to automated decision-making); and
- to the extent we base the collection, processing and sharing of your personal data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal (right to withdraw consent).
10.2 How to exercise your rights
If you wish to exercise any of the rights set out above, please contact us in accordance with the “Contacting Us” section below. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honour your request. Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive. In this case, we will notify you and keep you updated.
If you have registered for an account with us, you may generally update your user settings, profile, organisation’s settings or event registration by logging into the applicable website with your username and password and editing your settings or profile. To update your billing information, discontinue your account, and/or request return or deletion of your personal data and other information associated with your account, please contact us.
10.3 Your preferences for marketing communications
If we process your personal data for the purpose of sending you marketing communications, you may manage your receipt of marketing and non-transactional communications from us by clicking on the “unsubscribe” link located on the bottom of our marketing emails. Additionally, you may contact us by using the information in the “Contacting us” section below. Please note that opting-out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as information about your subscriptions or event registrations, service announcements or security information.
We have appropriate security measures in place (including organisational, technical and physical measures) to help safeguard against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, the personal data we process or use. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only
process your data on our instructions, and they are subject to a duty of confidentiality.
While we have put in place procedures to protect personal data, no method of storage or transmission is 100% secure. We have put in place some procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You are solely responsible for protecting your password, limiting access to your devices, and signing out of websites after your sessions. If you have any questions about the security of our websites, please contact us via the “Contacting Us” section below.
12. Changes to this Privacy Statement
We keep this Privacy Statement under regular review and update it from time to time to reflect changes in our practices, technology, legal requirements and other factors. If we do update it, we will update the “effective date” at the top of this Privacy Statement. If we make an update, we may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on our website or by contacting you using the email address you provided.
We encourage you to periodically review this Privacy Statement to stay informed about our collection, processing and sharing of your personal data.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
13. Contacting us
To exercise your rights regarding your personal data, or if you have questions regarding this Privacy Statement or our privacy practices please contact us in the following ways:
Postal address: Attn: Data Protection Officer, intY Limited, 170 Aztec West, Bristol, BS32 4TN
Email: [email protected], please mark your email for the attention of the Data Protection Officer.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint at any time with the competent supervisory authority.