3. General Data Protection Regulation (GDPR)
Innovative Assessments International, Ltd. (“IAI”), is committed to protecting the privacy of consumers visiting our websites and using our products and services. IAI wishes to maintain a safe and secure environment for all users of our online products and services. Visit IAI’s EU General Data Protection Regulation (GDPR) below for more information about GDPR and IAI.
What Information Does IAI Collect?
IAI may collect personal information from our users for different purposes. The following lists the ways in which we may collect personal information from our users, and the type of information that may be collected: Information you provide voluntarily
Information we collect automatically:
How Does IAI Use My Information?
IAI uses personal information for the following purposes:
Users may receive such promotional materials and/or be contacted by our business partners only if this is in accordance with their communications preferences. Please see “How Can I Unsubscribe?” for more information.
Does IAI Disclose My Personal Information?
IAI discloses personal information in the following circumstances:
We retain personal information we collect from you where we have an ongoing legitimate business need to do so. For example, we will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services contact us at email@example.com.Please note that if you ask us to delete your personal information we will endeavor to comply with your request in compliance with applicable law, but may need to retain and use some information where necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Legal Basis for Processing Personal Information (EEA visitors only)If you are a visitor from the European Economic Area, our collection and use of your personal information is based on your consent. If you have questions about or need further information concerning the basis on which we collect and use your personal information, please contact us at firstname.lastname@example.org
Social Media Features and Widgets
What about Security of Data Transmission?
We use technical and organizational measures to protect the personal information that we collect and process about you. The measures we use are intended to provide a level of security appropriate to the risk of processing your personal information. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, IAI cannot guarantee the security of any information you transmit to us or from our products or services.
International Data Transfers
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country. Specifically, our Website servers are located in the U.S. and our third party service providers and partners operate around the world. This means that when we collect your personal information we may process it in any of these countries. However, we have taken legal safeguards, including implementing the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from the EEA in accordance with the European Union data protection law. Further details about the Standard Contractual Clauses we have implemented or the safeguards we have adopted with our third party service providers and partners and further details will be provided upon request.
Your Data Protection Rights
You have the following data protection rights: You have the right to access, correct, update or request deletion of the personal information collected about you. Please direct such requests to email@example.com.You have the right to opt-out of marketing communications we send you at any time. Please see the section entitled “How can I unsubscribe?” All access, correction, update, opt-out and deletion requests will be acknowledged and responded to within 30 days of receipt. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. In addition, if you reside in the European Economic Area or Switzerland, you also have the following rights: You have the right to object to the processing of your personal information, the right to ask us to restrict the processing of your personal information or the right to request the portability of your personal information. You can exercise these rights by contacting us at firstname.lastname@example.org
In the circumstances where you have consented to the collection and processing of your personal information, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal. Additionally, if the information was collected for another reason (e.g., to perform a contractual obligation, for legitimate business interests that are not outweighed by your data protection interests or for another legally permissible purpose), the withdrawal of your consent will be effective when such purpose no longer exists. You have the right to file a complaint with a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here ).
How Can I Unsubscribe?
If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included in each newsletter or communication, by emailing us at email@example.com or you may contact us using the contact details provided below to opt-out.
How Do I Contact IAI?
I. Information Collection and Use
What Information Does IAI Collect About me and Why?
In most cases, IAI does not collect any personally identifying information from the users of the Service. However, IAI may, in some situations, collect a user’s name, email, phone number and/or ID number, for demo purposes or upon a customer’s specific request (“User Information”). In such cases, this User Information is used only to identify a specific user’s results from our Services.
II. Information Access and Disclosure
When Is My Personal Information or Data Shared?
IAI does not sell or rent your User Information. Your User Information is only shared with the customer who requested the collection of the User Information and is not used for any other reason. The only other situation in which we would otherwise disclose your User Information is if we are required to comply with applicable laws, including compliance with warrants, court orders or other legal process.
III. Data Storage and Transfer
Where Is My Data Stored?
When you use IAI’s Worthy Credit platform, the data transmitted will be stored in AWS (Amazon Web Services) servers located in the United States of America. Please note that AWS is GDPR compliant – see the following link for more details – https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/
International Data Transfers
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country. Specifically, our servers are located in the U.S. and third party service providers and partners operate around the world. This means that when we collect your personal information we may process it in any of these countries. However, we have taken appropriate legal safeguards, these include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from the EEA in accordance with European Union data protection law. Further details about the Standard Contractual Clauses we have implemented, or the safeguards we have adopted with our third party service providers and partners, will be provided upon request.
How Can I Access or Correct the Information that IAI has About Me?
If you wish to (i) access any personal information that we maintain about you; or (ii) request that we correct or delete the personal information that we maintain about you, you may contact us via email at firstname.lastname@example.org. We will comply with such requests to the extent required by law or our policies, and subject to any limitations in our systems.
Is My Data Secure?
The security of your data is important to us and a responsibility that we embrace. IAI takes reasonable measures to help protect your information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. We use a combination of administrative, physical and logical security safeguards and continue to work on features to keep your information safe. Your data is accessed by IAI as required to support the Service and access is limited to only those within the organization with the need to access to support the Service. For Worthy Credit’s data we use industry standard HTTPS/TLS for data encryption in transit and hardware based encryption for data at rest. Your data is hosted by AWS. We believe AWS is able to invest much more in security, backups and maintenance than many medium to large enterprises. For this reason, we believe the AWS web-based system typically has more security measures in place than many on-premises systems. If IAI learns of a security system breach, we may attempt to notify you and provide information on protective steps, if available, through the email address that you have provided to us or by posting a notice on our web site and/or via other communication platforms. Depending on where you live, you may have a legal right to receive such notices in writing.
Legal Basis for Processing Personal Information (EEA visitors only)
If you are a visitor from the European Economic Area, our collection of your personal information is based upon your consent. If you have questions about or need further information concerning the basis on which we collect and use your personal information, please contact us at email@example.com.
IV. Information Ownership, Data Retention, Service Cancellation and Data Deletion
Who Owns My Data?
Data created and stored in the Service is owned by the applicable Customer and not by IAI.
How Long is My Data Retained?
We will retain information stored on Service-related servers for as long as the account is active, or as needed to provide the Customer with the Service.
How Do I Cancel the Service and Delete My Data?
Your data may be deleted upon request or in accordance with IAI’s contractual agreement with the relevant Customer. In addition, if you reside in the European Economic Area or Switzerland, you also have additional rights under the GDPR. To exercise any of such rights, please contact us at firstname.lastname@example.org.
V. Contact Us
How can I Contact IAI?
3. EU GENERAL DATA PROTECTION REGULATION (GDPR)
The European Union’s General Data Protection Regulation (GDPR) became effective on May 25, 2018. GDPR applies beyond the borders of the EU; any organization that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data. Innovative Assessments (IAI) is aware of its GDPR compliance obligations and its role in providing support to users and customers to meet GDPR requirements.
IAI has and will continue to honor its users’ right to data privacy and protection. This means, among other things, that: we do not collect and process users’ personal information beyond what is required for the functioning of our products or services; we have implemented the European Commission’s Standard Contractual Clauses for international transfers of personal information between our group companies, which require all group companies to protect personal information processed from the EEA in accordance with European Union data protection law; we have implemented policies and procedures to support GDPR requirements with respect to users’ rights (i.e. right to portability, right to erasure, etc.) we have adopted safeguards with our third party service providers and partners; we provide visibility and transparency through our privacy notices which inform our users and customers about what data is collected and how it is used; and we offer Data Processing Agreements, which meet GDPR requirements, to our software as a service (SaaS) customers.