Online Privacy Policy Agreement

Last Updated: August 8, 2023

The International Detailing Association and its subsidiaries (“IDA,” “we,” “our,” or “us”) values its users’ (“you,” “your,” or “yours”) privacy. This Privacy Policy (“Policy“) will help you understand how we collect and use personal information about you that you may provide when you visit our Website (defined below) or make use of our online facilities and services, what we will and will not do with the information we collect, and your privacy rights and how the law protects you.

We reserve the right to make changes to this Policy at any given time without notice to you. Such changes shall be effective when posted.  If you want to make sure that you are up to date with the latest changes to this Policy, we advise you to frequently visit this page to review the Policy. If you are a registered user, we may or may not notify you via email of any changes or updates made to this Policy. If at any point in time we decide to make use of any personally identifiable information on file, in a manner vastly different from that which was stated when this information was initially collected, you will be promptly notified by email using the email address you provided to us of the requested permitted use. At that time, you will have the option to permit or not permit the use of your information in this separate manner.

This Policy applies to our use of your information, and it governs any and all data collection about you and our usage of that information. By accessing or using www.DetailingNearby.com and any subsidiary website listed below (collectively, the “Website”), you are consenting to the data collection procedures expressed in this Policy.

Subsidiary Company:
Detailing Nearby
IDA

Subsidiary Website:
the-ida.com 

Please note that this Policy does not govern the collection and use of information by companies that we do not control (for example, links to third party websites which may be contained on the Website), nor by individuals not employed or managed by us. If you visit a website that we mention or link to on the Website, you do so at your own risk, and we do recommend that you review its privacy policy before providing the site with information. It is highly recommended and suggested that you review the privacy policies and conditions of any website you choose to use to better understand the way in which websites garner, make use of, and share the information collected.

Specifically, this Policy will inform you of the following:

What personally identifiable information is collected from you through our Website;

  1. Why we collect personally identifiable information and the legal basis for such collection;
  2. How we use the collected information and with whom it may be shared;
  3. What choices are available to you regarding the use of your data;
  4. The security procedures in place to protect the misuse of your information; and
  5. How to correct any inaccuracies in the personally identifiable information we collect.

Information We Collect

We are the owners of the information, content, and other materials we provide through our Website. This Policy specifies our rights to the information provided by you and/or collected through our Website. We only have access to and/or collect information that you voluntarily provide us via our Website, any email you send us, any donation or purchases you make through the Website, any feedback you provide, any comments submitted by you to the blog or other portions of the Website, or other direct contact from you. We may also collect information as a result of your interaction with our Website.

Personal Information” includes all personally identifiable information that is specific to you (e.g., name, address, phone number, email address, shipping address, billing address, etc.). This information may be combined with information already in our possession or made available to us through other information we are licensed to receive, and/or information we obtain from other sources. Except as specifically noted herein, we do not provide any Personal Information to any unaffiliated third party.

We may collect information about you through your use of our Website with software application tools and data files, such as cookies, web log files, IP addresses, device state information, unique device identifiers, device hardware, and OS information (“Usage Information”). You may be able to control such Usage Information through the control settings on your device, but removing such Usage Information tools may impact the convenience to use or the functionality of the Website.

We may collect and process information through our Website about the location of your device using GPS or other location technologies, such as sensor data from your mobile device providing information about nearby Wi-Fi access points and cellular network towers (“Location Information”). We use Location Information solely as necessary to analyze and improve our Website.

It is always up to you whether to disclose Personal Information, Usage Information, or Location Information to us, although if you elect not to do so, it may impact the functionality of the Website and we reserve the right not to register you as a user or provide you with any products or services.

In addition, we may have the occasion to collect aggregated or de-identified information, which will assist us in providing and maintaining superior quality service.  Such aggregated or de-identified information does not constitute “Personal Information” as it is no longer identifiable.  We may also deem it necessary, from time to time, to follow websites that our users may frequent to glean what types of services and products may be the most popular to customers or the general public.

Use and Disclosure of Information We Collect and Why We Collect It

We use your Personal Information as necessary to operate the Website.  In addition, we may use the information we collect about you, including any Personal Information, Usage Information, and Location Information for the following reasons:

  • To better understand your needs, respond to any questions you ask, respond to any reason for which you may contact us, or provide you with the services or products you have requested;
  • To fulfill our legitimate interest in improving our services and products or developing new services and products;
  • To send you, directly or indirectly, promotional and marketing emails containing information we think you may like when we have your consent to do so;
  • To contact you to fill out surveys or participate in other types of market research, when we have your consent to do so;
  • To customize our Website according to your online behavior and personal preferences;
  • To monitor usage and interaction statistics on our Website, and/or through responses to our communications;
  • To perform data analytics for our internal business purposes;
  • To communicate with you to request feedback or to notify you of changes to our terms, conditions, or this Policy;
  • To track use of the Website, investigate suspicious activity, and enforce our terms and policies, and to measure and improve the operation and security of the Website;
  • To assess and improve the Website and its functionality;
  • To allow us to disclose your information to the extent permitted or required by law or as you may otherwise authorize; and
  • To our Third Party Providers as described below or external auditors who have agreed to keep the information confidential.

We use the Usage Information to perform data analytics, analyze, and evaluate the features and functionality of our Website. We may also use Usage Information to process automatic crash reporting, which collects reports of crashes, other technical issues, and information relating to how our Website is functioning.

We may use Location Information to customize the Website or information specific to your region. You have the ability to control access to Location Information through the control settings on your device.

This information may also be provided to our Third Party Providers (as defined below) as necessary to provide our Website, and related functionality and offer other services and products. Our “Third Party Providers” may include, in addition to any of our data sources, software development, application and data hosting, wireless network services providers, payment processors, and any digital analytics or marketing services. We are responsible for assuring that these Third-Party Providers comply with the terms of this Policy.

We do not sell, share, rent, or lease any of your Personal Information to any third parties (other than our Third Party Providers) without your prior authorization, unless doing so is necessary: 1) to enforce this Policy, 2) to comply with laws, regulations, or other legal processes, 3) to protect the rights, property, or safety of us or others, 4) to comply with a valid order or process from a public authority, 5) to protect against misuse or unauthorized use of the Website, 6) to detect or prevent criminal activity or fraud, or, 7) in the event that we or substantially all of our assets are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation, liquidation, or other similar transaction, in which case such information may be one of the transferred assets.

We may also be in contact with you to request your completion of surveys and/or research questionnaires related to your opinion of current, potential, or future services that may be offered.

The International Detailing Association uses various third-party social media features including but not limited to Facebook (Meta), Instagram, Tiktok, Google and other interactive programs. These may collect your information and require cookies to work properly. These services are governed by the privacy policies of the providers and are not within our control.

Data Retention

The information we collect from you will be stored for no longer than necessary or as otherwise required by law. The length of time we retain said information will be determined based upon the following criteria: the length of time your Personal Information remains relevant; the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations; any limitation periods within which claims might be made; any retention periods prescribed by law or recommended by regulators, professional bodies, or associations; the type of contract we have with you, the existence of your consent, and our legitimate interest in keeping such information as stated in this Policy.

Non-Marketing Purposes

We respect your privacy. We do maintain and reserve the right to contact you if needed for non-marketing purposes (such as bug alerts, security breaches, account issues, and/or changes in our products and services, or changes to this Policy). In certain circumstances, we may use our Website or other appropriate means to post a notice.

Children under the age of 13

In compliance with the Children’s Online Privacy Protection Act, 15 U.S.C. § 6501.06 and 16 C.F.R. §§ 312.1 – 312.12, our website is not directed to, and does not knowingly collect personal identifiable information from, children under the age of thirteen (13). If it is determined that such information has been inadvertently collected on anyone under the age of thirteen (13), we shall immediately take the necessary steps to ensure that such information is deleted from our system’s database, or in the alternative, that verifiable parental consent is obtained for the use and storage of such information. Anyone under the age of thirteen (13) must seek and obtain parent or guardian permission to use this website.  By using our Website, you represent that you are not under the age of thirteen (13). Please contact us as noted below if you know or suspect that we have collected information from children under the age of thirteen (13) and we will take prompt measures to remove such information.

Unsubscribe or Opt-Out

All users and visitors to our website have the option to discontinue receiving communications from us by way of email or newsletters. To discontinue or unsubscribe from our website please send an email stating that you wish to unsubscribe to info@the-ida.com. If you wish to unsubscribe or opt-out from any third-party websites, you must go to that specific website to unsubscribe or opt-out. We will continue to adhere to this Policy with respect to any personal information previously collected.

Links to Other Websites

Our website does contain links to affiliate and other third-party websites. We do not claim nor accept responsibility for any privacy policies, practices, and/or procedures of other websites. Therefore, we encourage all users and visitors to be aware when they leave our Website and to read the privacy statements of every website that collects personally identifiable information. This Policy applies only and solely to the information collected by our Website.

Security

We take precautions to protect your Personal Information, including reasonable physical, administrative, and technical measures. When you submit Personal Information via the Website, your Personal Information is protected both online and offline. Wherever we collect Personal Information, that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the address of the webpage.

While we use encryption to protect Personal Information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to Personal Information. The computers and servers in/on which we store Personal Information are kept in a secure environment. This is all done to prevent any loss, misuse, unauthorized access, disclosure, or modification of the user’s Personal Information under our control.

The Company also uses Secure Socket Layer (SSL) for authentication and private communications to build users’ trust and confidence in the internet and website use by providing simple and secure access and communication of credit card and Personal Information.

Notwithstanding the foregoing, no website, database, or system is completely secure or “hacker proof.”  You are responsible for taking reasonable steps to protect your Personal Information against unauthorized disclosure or misuse.

Your Rights

Depending on where you live, you may have certain legal rights under applicable law. For example, you may have the following rights:

  • Right to Access – means you can ask us for a copy of any Personal Information we have about you, if any.
  • Right to Correct – means you may ask us to change and/or correct any Personal Information we have about you.
  • Right to Delete – means you may ask us to delete any Personal Information we have about you, and we will be happy to do so unless we are required to retain such information by law or regulation or we have a right to retain subject to a user agreement for our internal business purposes.
  • Right to Transfer – means you may request a copy of your Personal Information, in a commonly used and machine-readable format, be provided to you or to a third party you specify.
  • Right to Limit – means you have the right at any time to unsubscribe to any marketing communication from us and we will promptly honor such request.

See also the specific laws addendum.  If you live somewhere not listed in the addendum and believe you have additional rights, please contact us as noted below to discuss your rights.

Acceptance of Terms

By using this website, you are hereby accepting the terms and conditions stipulated within this Policy. If you are not in agreement with our terms and conditions, then you should refrain from further use of our Website. In addition, your continued use of our Website following the posting of any updates or changes to our terms and conditions, shall mean that you agree and accept such changes.

How to Contact Us

If you have any questions or concerns regarding this Policy as it relates to our website, please feel free to contact us at the following email, telephone number, or mailing address:

Email: info@the-ida.com

Telephone Number: 651.925.5526

Mailing Address:

The International Detailing Association
2345 Rice St Ste 220
Saint Paul, Minnesota
55113

Specific Laws Addendum

United States

Last Updated August 8, 2023

The following additional terms may apply to you depending on where you reside in the United States. To the extent of any inconsistency, these terms take precedence over the terms in our Policy in relation to Personal Information that is collected and/or held in the United States.

Please use the contact information in the Policy if you wish to access or correct any of your Personal Information that we hold or if you would like to report a potential breach by us of any applicable laws of the United States, our Policy, or this Addendum.  We will promptly acknowledge and investigate any such reports.

The laws of the states described below are the ones we are currently aware of that require giving individual notice and/or consent with respect to our Website or services, and that provide for specific individual rights with respect to our Website or services. We recognize that other states also have laws that may affect your privacy rights with respect to our Website or services, and we direct you to the information in our Policy for a description of such rights.

As described further in our Policy, in the preceding twelve months, we or our service providers may have collected the below categories of Personal Information for business or commercial purposes:

  • Identifiers (such as name, email address, address, and phone number);
  • Commercial information (such as transaction data);
  • Internet or other network or device activity (such as IP address, unique device, advertising ID, browsing history, or other usage data);
  • Location information (general location, and, if you provide permission, precise GPS location);
  • Sensory information (such as audio recordings if you call our customer service);
  • Inferences about your preferences and traits through your use of the Website; and
  • Other information that identifies or can be reasonably associated with you.

We collect the categories of personal information identified above from the following sources: (1) directly from you; (2) through your use of the Website or other interactions with us; (3) affiliates; and (4) third-parties such as other users or our Third Party Providers.

We or our service providers may collect the categories of information identified above for the following business or commercial purposes (as those terms are defined in applicable law):

  • Our or our service provider’s operational purposes;
  • Auditing consumer interactions on our site (e.g., measuring ad impressions);
  • Detecting, protecting against, and prosecuting security incidents, fraudulent or illegal activity, and activity that violates any terms or policies;
  • Bug detection, error reporting, and activities to maintain the quality or safety of our Website and services;
  • Short-term, transient use, such as customizing content that we or our service providers display on services;
  • Providing services (e.g., account servicing and maintenance, data processing, customer service, advertising and marketing, analytics, communication about our Website or services, facilitating communications between users);
  • Improving our existing Website and services and developing new services or products (e.g., by conducting research to develop new products or features, or to train our employees on issues that our users need to be resolved);
  • Other uses that advance our commercial or economic interests, such as third-party advertising and communicating with you about relevant offers from third-party partners; and
  • Other uses about which we notify you.

We describe our information sharing practices in this Policy. In the previous twelve months, we may have shared certain categories of Personal Information with third-parties for business purposes. The personal information shared may include the following categories of Personal Information: (1) identifiers; (2) commercial information; (3) usage information; (4) location information; and (5) other information that can be associated with you.

Examples of these types of uses are identified below. We may also use the below categories of Personal Information for compliance with applicable laws and regulations, and we may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any particular user or device.

Table of Categories of Data, Uses and With Whom Shared

Categories of Personal Information We Collect Examples of Uses Categories of Third Parties With Which We May Share That Information Collected/
Shared
Identifiers (e.g., real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name)
  • Providing our Website and services
  • Updating and improving our Website and services
  • Personalizing content
  • Marketing and advertising
  • Communicating with you
  • Analyzing your use of our Website
  • Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our Website, breaches or potential breaches of terms and policies
  • Internal training of our personnel
  • Affiliates
  • Third Party Providers
Yes
Any personal information described in subdivision (e) of Section 1798.80 (e.g., name, address, telephone number, bank account number, credit card number, debit card number, or any other financial information (with financial information only as required by our Third Party Provider (i.e., Stripe))
  • Providing our Website and services
  • Updating and improving our Website and services
  • Communicating with you
  • Analyzing your use of our Website
  • Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, breaches or potential breaches of terms and policies
  • Internal training of our personnel
  • Affiliates
  • Third Party Providers
Yes
Characteristics of protected classifications under California or federal law
  • Not used
  • None
No
Biometric information used for identification (e.g., imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information)
  • Not used, HOWEVER, we may record customer service calls and/or training videos; such recordings are NOT used for identification purposes
  • None
No
Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement)
  • Providing our Website and services
  • Updating and improving our Website and services
  • Personalizing content
  • Marketing and advertising
  • Analyzing use of our Website
  • Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, or breaches or potential breaches of terms and policies
  • Affiliates
  • Third Party Providers
Yes
Geolocation information (general location, and, if you provide permission, precise GPS location)
  • Providing our Website and services
  • Updating and improving our Website and services
  • Personalizing content
  • Marketing and advertising
  • Analyzing use of our Website
  • Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, or breaches or potential breaches of terms and policies
  • Affiliates
  • Third Party Providers

 

Yes
Sensory information (e.g., audio, electronic, visual, thermal, olfactory, or similar information)
  • Providing our Website and services
  • Updating and improving our Website and services
  • Personalizing content
  • Analyzing use of our Website
  • Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, or breaches or potential breaches of terms and policies
  • Internal training of our personnel
  • Affiliates
  • Third Party Providers

 

Yes
Professional or employment-related information
  • Not used
  • None
No
Education information (not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99)
  • Not used
  • None
No
Inferences drawn (to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes)
  • Providing our Website and services
  • Updating and improving our Website and services
  • Personalizing content
  • Analyzing use of our Website
  • Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, or breaches or potential breaches of terms and policies
  • Affiliates
  • Third Party Providers
Yes
Sensitive personal information (e.g., account log-in, financial account, debit card, or credit card number with any required security or access code, password, or credentials allowing access to an account; precise geolocation)
  • Our Third Party Provider uses to: Process payments for our products or services
  • Updating and improving our Website and services
  • Analyzing use of our Website
  • Preventing, detecting, investigating, and responding to fraud, unauthorized access/use of our services, or breaches or potential breaches of terms and policies
  • Affiliates
  • Third Party Providers
Yes

We collect the categories of Personal Information identified above from the following sources: (1) directly from you; (2) through your use of the Website; (3) affiliates; and (4) third-parties such as other users or our third-party providers.

For Residents of Colorado

The Colorado Privacy Act goes into effect as of July 1, 2023. If you are a resident of Colorado and you meet the definition of a “consumer,” you may have certain rights.

Summary of Information We Collect

Colorado law requires us to disclose information regarding the categories of personal data that we have collected about Colorado consumers, the categories of sources from which we collect personal information, the business or commercial purposes (as each of those terms are defined by applicable law) for which we collect personal information, and the categories of parties with whom we share personal information. See the details as noted above for categories of information and uses.

Rights

Colorado law may permit you to request that we act on a consumer’s following rights:

  • Right of access to and/or a copy of certain information we hold about you.
  • Right to correct any inaccuracies in your personal data.
  • Right to request that we delete your personal data.
  • Right to obtain your personal data in a portable (and, if technically feasible, readily usable) format.
  • Right to request to opt-out of the sale of personal data, targeted advertising, or profiling in furtherance of decisions that produce legal or similarly significant effects.

If you would like to exercise any of these rights, please submit a request to privacy@thinksmallinstitute.org. You will be required to verify your identity before we are able to fulfill your request. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.

Please note that while we may record customer service calls and/or training videos; we do not digitally analyze any such data for any biometric identification purposes.

For Residents of Nevada

Rights

Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a person to be contacted either physically or online.

We do not engage in such activity.

 

Non-US Country Addendum

EU/EEA

Last Updated August 8, 2023

The following additional terms apply to you if you reside in the European Union/European Economic Area (EU/EEA). To the extent of any inconsistency, the following terms take precedence over the terms in our Policy in relation to personal data that is collected and/or held relating to individuals (i.e., data subjects) residing in the EU/EEA.

The EU/EEA’s General Data Protection Regulation (GDPR) governs our processing (as defined under GDPR) of your personal data, as well as your rights regarding the same. As used in this Addendum, the following terms have the following meanings:

“Breach”, “data controller”, “data processor”, “Data Protection Authority”, “data subject”, “data subject rights”, “Member State”, “personal data”, “personal data breach”, “processing” (and “process”) (regardless of whether capitalized herein) have the meanings given to them in GDPR.

“Standard Contractual Clauses”, for purposes of our Policy, means the template agreement contained in the Annex of the European Commission’s Implementing Decision of 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, and any replacement, amendment or restatement of the foregoing issued by the European Commission.

Data controller; processing

IDA is a data controller of your personal data.  GDPR sets forth specific obligations of a data processor and data controller in each of these roles.

Lawful Basis for our Processing of Your Personal Data.

As the data controller, we are responsible for establishing a lawful basis for the processing of your personal data. We rely on our legitimate interests under GDPR Article 6 in order to engage in the processing of your personal data. This means that we have a legitimate interest in receiving and processing your personal data in order to provide our Website and services. We may, in some cases, also rely on obtaining your consent under GDPR Article 6 as the lawful basis of their processing of your personal data. If so, this means that we have requested your explicit consent (or “opt-in”) to their processing of your personal data.

Data Protection Officer.

IDA has appointed a Data Protection Officer (DPO).

Individual Rights

As also noted in our Policy, you may make the following requests from us as the data controller. In each case these rights are subject to restrictions and/or exceptions as specified in the GDPR. The following is a summary of your rights:

  • The right of access, enabling you to receive a copy of your personal data;
  • The right to rectification, enabling you to correct any inaccurate or incomplete personal data we hold about you;
  • The right to erasure, enabling you to ask us to delete your personal data in certain circumstances;
  • The right to restrict processing, enabling you to ask us to halt the processing of your personal data in certain circumstances;
  • The right to object, enabling you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party); and
  • The right to data portability, enabling you to request us to transmit personal data that you have provided to us to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.

Under GDPR, a data subject also has the right to lodge a complaint with a Data Protection Authority, in particular in the Member State of the data subject’s residence, place of work, or place of an alleged infringement, if the data subject considers that the processing of the personal data infringes the GDPR.

If you wish to exercise any of these rights, please contact us using the contact information provided in our Policy. Please note that the GDPR specifies when the data controller may refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive.

Special Categories of Personal Data

Our Website does not require the collection or processing of any sensitive personal data or sensitive information, as defined in applicable data protection laws (e.g., racial, ethnical origin, political opinions, religious beliefs, etc.).  We may nevertheless collect such sensitive personal data about you, or we may collect it incidentally if you provide such data to us. By providing any sensitive personal data or by providing information by a recording, you consent to our collection of such information, however, we do not require or use such data to provide our Website or services.

International Transfers of Data

Personal Information originating in the EU/EEA will generally be stored on servers in the EEA but may be accessed and/or processed in a limited manner outside of the EEA. We adhere to the GDPR where it applies to our Website or services. Where your personal data is processed outside of the EEA, we will put in place appropriate safeguards.  Where appropriate, we may enter into Standard Contractual Clauses with importers or processors and/or other relevant third parties for the transfer of your personal data and may carry out a risk assessment and/or take necessary security measures in order to fulfill our obligations under GDPR.

If we determine we are unable to provide equivalent protection of your personal data, including by entry into the Standard Contractual Clauses, we may seek to rely on derogations authorized by the GDPR, including the derogation of consent/contract/request of data subject. If relying on your consent, we will seek your explicit consent in advance.

United Kingdom

Last updated August 8, 2023

The following additional terms apply to you if you reside in the United Kingdom (UK).  To the extent of any inconsistency, these terms take precedence over the terms in our Policy in relation to personal data that is processed in the UK.

The UK’s General Data Protection Regulation (UK GDPR) governs our processing (as defined therein) of your personal data, as well as your rights regarding the same. As used in this Addendum, the following terms have the following meanings:

“Breach”, “data controller”, “data processor”, “Information Commissioner’s Office (ICO)”, “data subject”, “data subject rights”, “personal data”, “personal data breach”, “processing” (and “process”) (regardless of whether capitalized herein) have the meanings given to them in the UK GDPR.  The UK GDPR may regard a video as “personal data” if the image can be used to identify you.

“UK Addendum” means the International Data Transfer Addendum to the EU/EEA Standard Contractual Clauses issued by the ICO, version B1.0 in force March 21, 2022, as may be amended from time to time (or any successor version).

Data controller; processing

IDA is a data controller of your personal data. The UK GDPR sets forth specific obligations of data controllers and processors in each of these roles.

Lawful Basis for our Processing of Your Personal Data.

Because we are a data controller, we are the ones who are responsible for establishing a lawful basis for the processing of your personal data. We rely on our legitimate interests under UK GDPR Article 6 in order to engage in the processing of your personal data. This means that we have a legitimate interest in receiving and processing your personal data in order to provide the Website and services. We might in some cases also rely on obtaining your consent under UK GDPR Article 6 as the lawful basis of our processing of your personal data. If so, this means that we have requested your explicit consent (or “opt-in”) to their processing of your data. If applicable, you will be provided with our Consent and/or Lawful Basis to Collection and Processing of Personal Data notice.

Data Protection Officer.

IDA has appointed a Data Protection Officer (DPO) as specified in our Policy.

Individual Rights

As also noted in our Policy, you may make the following requests from us as the data controller. In each case these rights are subject to restrictions and/or exceptions as specified in the UK GDPR. The following is a summary of your rights:

  • The right of access, enabling you to receive a copy of your personal data;
  • The right to rectification, enabling you to correct any inaccurate or incomplete personal data we hold about you;
  • The right to erasure, enabling you to ask us to delete your personal data in certain circumstances;
  • The right to restrict processing, enabling you to ask us to halt the processing of your personal data in certain circumstances;
  • The right to object, enabling you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party); and
  • The right to data portability, enabling you to request us to transmit personal data that you have provided to us to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.

    You have the right to lodge a complaint with the ICO if you consider that the processing of your personal data infringes the UK GDPR.  If you wish to exercise this right, please contact us. You may also contact us using the contact information provided in our Policy. We have the right to refuse your request where there is a basis to do so in law, or if your request is manifestly unfounded or excessive.

    Special Categories of Personal Data

    Our Website does not require the collection or processing of any sensitive personal data or sensitive information, as defined in applicable data protection laws (e.g., racial, ethnical origin, political opinions, religious beliefs, etc.).  We may nevertheless collect such sensitive personal data about you, or we may collect it incidentally if you provide such data to us. By providing any sensitive information or by providing information by recording, you consent to our collection of such information and our use and disclosure of it in accordance with our Policy for purposes directly related to the reason it was provided.

    International Transfers of Data

    Personal Information originating in the UK will be stored on servers in the UK but may be accessed and/or processed in a limited manner outside of the UK. We adhere to the UK GDPR where it applies to our Website. Where your data is processed outside of the UK, we have put in place appropriate safeguards.  Where appropriate, we may enter into the UK Addendum to the Standard Contractual Clauses with an importer or processor and/or other relevant third parties for the transfer of your personal data and may carry out a risk assessment and/or take necessary security measures in order to fulfill our obligations under the UK GDPR.

    If we determine we are unable to provide equivalent protection of your personal data, including by entry into the UK Addendum to the Standard Contractual Clauses, we may seek to rely on derogations authorized by the UK GDPR, including the derogation of consent/contract/request of data subject. If relying on your consent, we will seek your explicit consent in advance.

    Canada

    Last updated August 8, 2023

    The following additional terms apply to you if you reside in Canada. To the extent of any inconsistency, these terms take precedence over the terms in our Policy in relation to personal information that is collected and/or held in Canada.

    Applicable Law

    At the Canadian federal level, the Personal Information Protection and Electronic Documents Act (PIPEDA) establishes a framework for the collection and use of your personal information across Canada (e.g., if you are a candidate for employment of an organization that is a federally regulated work, undertaking, or business (e.g., Canadian bank, airline, broadcaster, etc.)). PIPEDA may not apply to personal information about you for use of our Website.

    If PIPEDA does not apply, Canadian provincial privacy laws may still apply. We will comply with any such specific provincial privacy laws that apply to our Website or services.  For example, Alberta, British Columbia, and Quebec may have provincial privacy laws that apply to your personal information.

    Consent

    Depending on the applicable data protection laws, we may need to obtain your consent for the collection, use, or disclosure of your personal information. In Canada, your consent is only valid if it is reasonable to believe that you understand the nature, purpose, and consequences of the collection, use, or disclosure of your personal information. You may withdraw your consent at any time.

    At the time of obtaining your consent, we must provide you with the following:

    • A list of types of personal information being collected and processed;
    • A list of third parties with whom it is being shared (including the countries for such parties if outside Canada);
    • A stated commitment to handling your personal information according to our Policy, and provide a link to that policy;
    • An explanation of the risk of harm and other potential consequences in using our Website;
    • A “No, I do not consent” button or similar option and explain to you the consequences of withholding your consent; and
    • A statement of the possibility for you to withdraw your consent after providing it.

    If applicable, you will be provided with our Consent and/or Lawful Basis to Collection and Processing of Personal Data notice.

    Opting Out of Email Communications

    Canada’s Anti-Spam Legislation (CASL) requires your consent on an opt-in basis in order for us to communicate with you by email. If you elect to provide us with an email address, we will treat such provision as your consent to opt-in to our use of email as a communication means. If applicable, you will be provided with our Consent and/or Lawful Basis to Collection and Processing of Personal Data notice. You may opt-out of email communication at any time.