IDS Privacy Policy

Effective date: January 1, 2019

International Decision Systems, Inc. (“us”, “we”, or “our”) operates https://www.idsgrp.com/  (the “Website”).

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Website and the choices you have associated with that data.

We use your data to provide and improve the Website. By using the Website, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from https://www.idsgrp.com/terms-of-use/.

INFORMATION COLLECTION AND USE

We collect several different types of information for various purposes to provide and improve our website for you.

TYPES OF DATA COLLECTED

Personal Data

While using our Website, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Address, State, Province, ZIP/Postal code, City
  • Cookies and Usage Data
  • Usernames and Passwords

Usage Data

We may also collect information how the Website is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking Cookies Data

We use cookies and similar tracking technologies to track the activity on our Website and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Website.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Website.

Examples of Cookies we use:

  • Session Cookies.We use Session Cookies to operate our Website.
  • Preference Cookies.We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies.We use Security Cookies for security purposes.

USE OF DATA

Indago, Inc. uses the collected data for various purposes:

  • To provide and maintain the Website
  • To notify you about changes to our Website
  • To allow you to participate in interactive features of our Website when you choose to do so
  • To provide customer care and support
  • To provide analysis or valuable information so that we can improve the Website
  • To monitor the usage of the Website
  • To detect, prevent and address technical issues

TRANSFER OF DATA

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Indago, Inc. will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

DISCLOSURE OF DATA

Indago, Inc. may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation
  • To protect and defend the rights or property of Alabama Motor Express, Inc.
  • To prevent or investigate possible wrongdoing in connection with the Website
  • To protect the personal safety of users of the Website or the public
  • To protect against legal liability

SECURITY OF DATA

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

SERVICE PROVIDERS

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

LINKS TO OTHER SITES

Our Website may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every website you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party websites or services.

CHILDREN’S PRIVACY

Our Website does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

CHANGES TO THIS PRIVACY POLICY

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Website, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

CONTACT US

If you have any questions about this Privacy Policy, please contact us at https://www.idsgrp.com/contact

Updated and Effective date: April 29, 2019

International Decision Systems, Inc. (“us”, “we”, or “our”) operates https://www.idsgrp.com/  (the “Website”).

International Decision Systems, Inc. and its subsidiaries and affiliates (“IDS” or “we”) wish to provide you with transparency and accountability on how IDS collects and uses your personal information and how you can affect IDS’ handling of your personal information.

EU-U.S. Privacy Shield member

International Decision Systems, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. We are committed to treating all personal data received from members of the European Union (EU), in reliance on the Privacy Shield Framework, and in compliance with the Framework’s applicable principles. To learn more about the Privacy Shield Framework, please visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/. To view IDS’s certification, please visit https://www.privacyshield.gov/list.

Purpose of Data Collection

Support and Services

IDS provides end-to-end, full lifecycle software solutions for software for financial institutions and equipment leasing companies. When IDS collects personal information to provide support or services, it does so as a data processor on behalf of another company that is acting as a data controller. Specifically, in order to provide product support, it is necessary for businesses that are IDS customers to share information with IDS’ support team to allow IDS to diagnose the reported issue. While providing cloud services and/or professional services, IDS may have visibility to systems where the customer end-users’ data is stored. IDS does not solicit end-user personal information from our customers. However, in some cases, a customer will include personal information of the customer’s end-users.

IDS has no direct relationship with the individuals whose personal data it processes. IDS does not own the information that is submitted to it. IDS uses the personal information only in ways compatible with the purpose for which it was uploaded by the other company, to provide support and services.

Hiring

IDS collects personal data in the recruitment and hiring process for the specific purpose for which the information was collected, to evaluate candidates, contact you regarding the opportunity. As such, IDS is a data controller when it collects data for this purpose. If you communicate with IDS by email or otherwise, complete online forms or surveys, or otherwise interact with or use the features on the application site, any information provided in such communications may be collected by IDS.

Marketing

At some IDS sites, we ask you to provide personal information, such as your e-mail address, name, home or work address or telephone number. We may also collect demographic information, such as your ZIP code, age, gender, preferences, interests and favorites. IDS acts as a data controller when it collects information for this purpose.

We may collect information about your visit, including the pages you view, the links you click, and other actions taken in connection with IDS sites and services. We also collect certain standard information that your browser sends to every website you visit, such as your IP address, browser type and language, access times and referring website addresses.

When you receive newsletters or promotional e-mails from IDS, we may use web beacons, customized links or similar technologies to determine whether the e-mail has been opened and which links you click in order to provide you more focused e-mail communications or other information.

IDS uses this information to market its products and services to current and prospective customers that are businesses and to improve the web experience for visitors.

Consent to process personal data

When IDS acts as a controller of personal information, we will inform you if we intend to use personal data in a materially different way than is disclosed in this Privacy Policy. When the personal information is sensitive, IDS will inform you of how we may use the personal information in order for you to opt-in to such use.

Information sharing

To enable or support us in providing services, we may share your information, including personal information, within our corporate group of companies that are related by common ownership or control.

IDS may provide your personal information to companies that provide services to help us with our business activities. IDS may share personal information with third party partners a) to provide support; b) for the purposes of evaluating and hiring prospective employment candidates; or c) for the purpose of marketing, including pursuant to the administration and operation of the IDS website.

These companies are authorized to use your personal information only as necessary to provide these services to IDS. IDS is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently, transfers to a third party acting as an agent on its behalf. IDS complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

IDS is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). IDS may be required to disclose personal information in response to lawful requests by the FTC and other public authorities, including to meet national security and/or law enforcement requirements. In addition, IDS may share information as required by law, such as to comply with a subpoena, legal proceedings, or similar legal process or when IDS has reason to believe that disclosure is necessary to protect our rights, your safety and the safety of others or to investigate fraud.

Individual right to access data

Upon request, IDS will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information.

IDS takes steps to make sure that the personal information it uses is correct. We will allow data subjects reasonable access to personal data and sensitive data about themselves during normal working hours and upon reasonable request, and will be allowed to update, delete and/or correct any inaccurate information by emailing our Legal department, contact information below. IDS will respond to your request to access within 45 days.

If IDS has obtained your personal information through our customer using IDS support services, to request correction or deletion of personal information, a data subject should directly contact the customer (data controller). If you are an end-user of one of our customers and would no longer like to have your information sent to IDS, please contact the customer that you interact with directly. If our customer requests IDS to remove personal data, we will respond to the request within 45 days.

We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and for disaster recovery purposes.

Changes to this Policy

IDS may revise or update this privacy policy from time to time to reflect changes to our practices. If we make any material changes we will provide notification through the company’s web site prior to the change taking effect. You should refer to this page for the latest information and the effective date of any changes.

Links to third party websites

Our site links to other websites whose privacy practices may differ from those of IDS. If you submit personal information on any of those sites, your information is governed by their privacy policies.

Independent recourse mechanism

In compliance with the Privacy Shield Principles, IDS commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact IDS at legal@idsgrp.com.

IDS has further committed to refer unresolved Privacy Shield complaints to The American Arbitration Association (AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or we have not addresses your complaint to your satisfaction, please contact or visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of the AAA are provided at no cost to you.

IDS has further committed to cooperate with EU data protection authorities (DPAs) panel with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.

EU individuals may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information, please see the Privacy Shield website at https://www.privacyshield.gov.

For more information

Questions or concerns about how IDS handles personal data should be directed to the General Counsel:

220 South Sixth Street, Suite 700
Minneapolis, MN 55402
Direct: +1 612-851-3400
legal@idsgrp.com

IDS Privacy Policy

Updated and Effective date: September 2020

 

International Decision Systems, Inc. and its subsidiaries and affiliates (“IDS” or “we”) wish to provide you with transparency and accountability on how IDS collects and uses your personal information and how you can affect IDS’ handling of your personal information.

This notice applies globally and describes how IDS collects, uses, and discloses personal information about you, as set out below.  However, there are some aspects of this privacy notice that only apply to specified jurisdictions, which we have set out below in this notice.

The terms “personal data” and “personal information” mean any information that identifies, relates to, describes, or is reasonably capable of being associated with or linked to an individual or from which an individual can be identified together with other information in our possession or to which we have access. It does not include de-identified or anonymous data where such data is not capable of being used to re-identify any individuals.

Privacy Shield Member

International Decision Systems, Inc. participates in and has certified its compliance with the European Union (EU)-U.S. Privacy Shield Framework as well as the Swiss-U.S. Privacy Shield Framework.

 

While we do not rely on the EU-U.S. Privacy Shield Framework for transfers of personal data from the UK, EU or EEA to the United States (instead, IDS relies on upon Standard Contractual Clauses, which have been approved by the European Commission. For further information on this, please see the ‘Information sharing and International Transfer’ section below),

 

We are committed to treating all personal data which is the subject of EU data protection laws in compliance with the Framework’s applicable principles. To learn more about the Privacy Shield Framework, please visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/. To view IDS’s certification, please visit https://www.privacyshield.gov/list.

 

IDS Support and Services

IDS provides end-to-end, full lifecycle software solutions for software for financial institutions and equipment leasing companies. Our customers select what information is provided to IDS or to which IDS is given access. Specifically, in order to provide product support, it is necessary for businesses that are IDS customers to allow IDS to have access to relevant systems and to share relevant information with IDS. While providing cloud services and/or professional services, IDS may have visibility to systems where the customer end-users’ data is stored, as such access is required to perform services.

IDS has no direct relationship with the individuals whose personal data it processes. IDS does not own the information that is submitted to it. IDS uses the personal information only in ways compatible with the purpose for which it was uploaded by the other company, to provide support and services and may also use this data in aggregate non-personally identifiable form as identified below.

Under UK and European Economic Area (EEA) data protection laws, IDS acts as a data processor on behalf of our customers. If IDS processes your personal data as a data processor, you should contact the data controller if you wish to exercise any of your rights under applicable data protections laws. Further details about our role as a data processor under UK and EEA laws, are set out below.

Who does this policy apply to?

Applications for Employment and Independent Contractors

IDS collects personal data in the recruitment and hiring process in order to evaluate candidates, and contact you regarding the relevant opportunity. Further details are set out below:

Information we hold about candidates:

  • The information you have provided to us in your curriculum vitae and covering letter;
  • The information you have provided on our application form, such as; name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications; and
  • Any information you provide to us during an interview.

We may also collect, store and use the following types of  personal information, which under UK and EEA data protection laws are considered as special categories of data (for more detail see Special Categories of Personal Data, below):

  • Information about criminal convictions and offenses;
  • Information about your health, including any medical condition, medical history, health and sickness records; and/or
  • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.

We collect your personal data from the following sources:

  • You, the candidate.
  • Recruitment agencies, credit reference agencies and background check providers that we work with.
  • Your named references.
  • We may also obtained data from third parties when publicly accessible such as social media websites and news outlets source.

How we use your personal data and our purposes

  • Assess your skills, qualifications, and suitability for the role;
  • Carry out background and reference checks, where applicable;
  • Communicate with you about the recruitment process;
  • Keep records related to our hiring processes; and/or
  • Comply with legal or regulatory requirements.

Customers, potential customers, suppliers and visitors to our website

IDS collects personal data in the course of operating its website, conducting marketing activities and discussing our relationship with current and potential customers and suppliers.. Details of the data processing for such activities are set out below:

Information collected

  • Identity Dataincludes first name, last name, username or similar identifier, log-in details, title,  affiliation and/or role at an organization.
  • Contact Dataincludes business address, delivery address, business email address and business telephone numbers.
  • Interaction Data includes data collected when you interact with us by phone, email or in person and may include your preferences, opinions, feedback and survey responses.
  • Technical Dataincludes internet protocol (IP) address, your login data, language, access times, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
  • Usage Dataincludes information about how you use our website, products and services, and web beacons, customized links or similar technologies to determine whether an e-mail has been opened and which links you click on in order to provide you more focused e-mail communications or other information.
  • Marketing and Communications Dataincludes your preferences in receiving marketing from us and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We collect your personal data from the following sources:

  • Direct interactions.You may give us your Identity, Contact, Interaction, Marketing and Communications Data by filling in forms or by corresponding with us by post, phone, email or otherwise:
    • apply for our products or services on behalf of an organization you are affiliated with;
    • request marketing to be sent to you; or
    • give us feedback or contact us.
  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see the IDS Cookie Use Notice, https://www.idsgrp.com/cookie-compliance/, for further details.
  • Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
    • Technical Data from the following parties:
      • analytics providers such as Google;
      • advertising networks; and
      • search information providers.
    • Identity and Contact Data from data brokers or aggregators.
    • Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU].

How we use your personal data and our purposes

We have set out below, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

Purpose/Activity Type of data Lawful basis for processing when UK/EEA law applies
To register you and provide you with log in details to our products and services (a) Identity

(b) Contact

(c) Interaction

Legitimate interest in use performing a contract with an organization that you are affiliated with
To manage our relationship with our customers and suppliers (who you may be affiliated with, e.g. an employee), including dealing with concerns or complaints you have raised with us (a) Identity

(b) Contact

(c) Marketing and Communications

(d) Interaction

(a) Necessary to comply with a legal obligation

(b) Necessary for our legitimate interests, to keep our records updated and to study how customers use our products/services and where we have an agreement with an organization that you are affiliated with

(c) Necessary for our legitimate interests, to manage our relationship with our suppliers

To enable us to send you marketing material or for us to contact you to promote our business (a) Identity

(b) Contact

(c) Usage

(d) Interaction

(a) Legitimate interests of promoting our business

(b) Consent

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity

(b) Contact

(c) Technical

(d) Usage

(a) Necessary for our legitimate interests, for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise

(b) Necessary to comply with a legal obligation

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences (a) Technical

(b) Usage

Necessary for our legitimate interests, to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy

Marketing

As set out above, from time to time, we may ask you to provide personal information, such as your e-mail address, name, home or work address or telephone number. We may also collect demographic information, such as your ZIP code, age, gender, preferences, interests and favorites. We may also collect Usage and Technical data for the purpose of providing marketing materials to you.

When you receive newsletters or promotional e-mails from IDS, we may use web beacons, customized links or similar technologies to determine whether the e-mail has been opened and which links you click in order to provide you more focused e-mail communications or other information.

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.

Information sharing and International Transfer

We may share your information, including personal information:

  • within our corporate group of companies that are related by common ownership or control; and
  • with external third parties such as; companies that provide services to us, professional advisers, regulators, official authorities and law enforcement.

These companies are authorized to use your personal information only as necessary to provide these services to IDS (or under their own responsibilities in the case of regulators, official authorities and law enforcement). IDS is responsible for the processing of personal data it receives, and subsequently, transfers to a third party acting as an agent on its behalf. IDS has Standard Contractual Clause between its entities authoring onward transfers of personal data from the UK and EU, including the onward transfer liability provisions contained in model clauses, as published by the European Commission. IDS may also use transfer personal data outside of the EEA/UK to countries that have been deemed to provide an adequate level of protection for personal data.

IDS is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). IDS may be required to disclose personal information in response to lawful requests by the FTC and other public authorities, including to meet national security and/or law enforcement requirements. In addition, IDS may share information as required by law, such as to comply with a subpoena, legal proceedings, or similar legal process or when IDS has reason to believe that disclosure is necessary to protect our rights, your safety and the safety of others or to investigate fraud.

Failure to provide personal data

If you fail to provide information when requested, this may impact our ability to take certain action. For example if you fail to provide information which is necessary for us to consider your employment application (such as evidence of qualifications or work history), we will not be able to process your application successfully.

Automated Decision-Making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

Retention

For support and services, we will retain your information for as long as the relevant customer’s account is active or as reasonably needed to provide services. For other data processing activities, we will retain and use your information only as reasonably necessary to utilize your information for our legitimate purposes, comply with our legal obligations, resolve disputes, enforce our agreements, and for disaster recovery purposes.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Information for Residents of the European Economic Area and United Kingdom

This section in blue only applies to you if you are a resident of the EEA or UK, in which case, please read the information below, which provides information about the data controller for your personal information and your rights and protections under the law regarding the processing of your personal information.

International Decision Systems, Inc. or International Decision Systems Limited will be the data controller, depending on the relevant processing. This means that the relevant data controller is responsible for deciding how it holds and uses personal information about you. For example, International Decision Systems Limited will be a data controller of staff who it employs, and International Decision Systems, Inc. is a data controller in relation to customers who are UK/EEA data subjects. International Decision Systems, Inc. may also be a data controller in relation to employment of staff of International Decision Systems Limited when it makes the decisions related to recruitment.

International Decision Systems Limited is registered with the UK Information Commissioner’s Office as a data controller under registration number Z6655536.

International Decision Systems, Inc. has appointed International Decision Systems Limited as its representative under UK data protection laws.

This is IDS’ “appropriate policy document” setting out how IDS will protect special categories of personal data and criminal convictions data. This document supports our data protection policies and meets the requirement of the UK Data Protection Act 2018 that an appropriate policy document be in place where processing special categories of personal data and criminal convictions data in certain circumstances.

Legal basis for processing

In relation to applications for employment and independent contractors, the “How we use your personal data and our purposes” sections above correspond to the following legal bases for processing under applicable law:

  • where we need to perform the contract we have entered into with you, or in in anticipation of entering into a contract with you;
  • where we need to comply with a legal obligation; or
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interest.

Special Categories of Personal Data

We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in limited circumstances, with your explicit written consent. We may also process special category information in the following circumstances:

  1. where IDS needs to carry out our legal obligations or exercise rights in relation to your employment or contract with us. This is our appropriate policy document explaining safeguards which we are required by law to maintain when processing such data and this processing is justified on the basis of paragraph 1 (Employment, social security and social protection) of Schedule 1 to the UK Data Protection Act 2018; and/or

 

  1. where it is needed due to substantial public interest, such as for ensuring equal opportunities or in relation to our occupational pension scheme or preventing or detecting an unlawful act. This is our appropriate policy document explaining safeguards which we are required by law to maintain when processing such data and this processing is justified on the basis of paragraphs 8 (Equal opportunity of treatment), 9 (Racial and ethnic diversity at senior levels of organizations) and/or 10 (Preventing or detecting unlawful acts) of Schedule 1 to the UK Data Protection Act 2018.

Less commonly, IDS may process this type of information where:

  • it is needed in relation to legal claims; or
  • you have already made the information manifestly public.

If your application is unsuccessful IDS may retain your special category information for up to 2 years after IDS has communicated to you our decision about whether to appoint you to the role for which you have applied to ensure that we can establish, exercise or defend any legal claims.  Access to such personal information will be restricted from the point at which we have communicated to you our decision about whether to appoint you to the role for which you have applied.

Change of Purpose

When IDS acts as a controller of personal data, we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. We will inform you if we intend to use your personal data in a materially different way than is disclosed in this Privacy Policy.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Your rights where IDS is the Data Controller

If you are resident in the EEA or UK, and IDS acts as the data controller, you will have certain rights under data protection laws, namely:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party.
  • Withdraw consent where we process your personal data on the basis of consent.

You may make a rights request by contacting the IDS Legal Department. You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the IDS Legal Department by emailing legal@idsgrp.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Your rights where IDS is the data processor and is subject to EEA or UK data protection laws

Where IDS acts as the data processor and is subject to EEA or UK data protection laws, you may only make a rights request by contacting the data controller. IDS can only take action when directed to do so by the data controller.

Changes to this Policy

IDS may revise or update this privacy policy from time to time to reflect changes to our practices. If we make any material changes we will provide notification through the company’s website prior to the change taking effect. You should refer to this page for the latest information and the effective date of any changes.

Links to third party websites

Our site links to other websites whose privacy practices may differ from those of IDS. If you submit personal information on any of those sites, your information is governed by their privacy policies. We do not control these third-party websites and are not responsible for their privacy statements.

Independent recourse mechanism and right to make a complaint

In compliance with the Privacy Shield Principles, IDS commits to resolve complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact IDS at legal@idsgrp.com.

 

IDS has further committed to refer unresolved Privacy Shield complaints to The American Arbitration Association (AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or we have not addresses your complaint to your satisfaction, please contact or visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of the AAA are provided at no cost to you.

 

IDS has further committed to cooperate with EU data protection authorities panel with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.

 

EU and Swiss individuals may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information, please see the Privacy Shield website at https://www.privacyshield.gov.

 

You also have the right to make a complaint to a relevant data protection supervisory authority (such as the UK Information Commissioner’s Office). We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.

 

For more information

Questions or concerns about how IDS handles personal data should be directed to the VP of Legal:

220 South Sixth Street, Suite 700
Minneapolis, MN 55402
Direct: +1 612-851-3400
legal@idsgrp.com

 

Please note if you interact with IDS either through or on behalf of your organization then certain personal information may also be subject to your organization privacy practices. For more information, please inquire with your organization.