Table of Contents
- Scope of this Privacy Notice
- What personal information do we collect
- How do we obtain your personal information
- Use of our website
- How do we use your personal information
- How we share your personal information
- Retention
- International data transfers
- Data subject rights
- Security of your personal information
- Children's Privacy
- Changes to this Privacy Notice
- Contacting Us & How to Make a Complaint
Scope of This Privacy Notice
iManage LLC, our parent companies, subsidiaries and affiliates (collectively, the “iManage companies” or “we,” “us” or “our”) respect your privacy. This “Privacy Notice” informs you of our privacy practices and how your personal information is collected and used by us, and it also informs you of your rights and the options available to you. Where we determine the purposes and means of processing personal information, we act as the data controller. For users located in the EEA, the term personal information used in this Privacy Notice is equivalent to the term “personal data” under the General Data Protection Regulation (“GDPR”). For users located in the UK, the term personal information used in this Privacy Notice is equivalent to the term “personal data” under the UK General Data Protection Regulation (“UK GDPR”).
This Privacy Notice is readily available on our home page found at https://imanage.com and at the bottom of our other web pages.
What Personal Information Do We Collect
iManage (and the vendors and other parties we use to perform services on our behalf) may collect, receive, and develop several categories of personal information about you depending on the nature of your interactions with us. For example:
We collect Contact Information and Other Identifiers. We might collect your name, email address, account username and password, alias, social media account handles, phone number, date of birth, government ID numbers (including, for example, tax ID number, Social Security number), and mailing address. At our security desks, for example, we might also collect information from your driver’s license or other identification documents you provide.
We collect Device, Internet and Network Activity Information. If you use our websites, we may collect information about the browser, device and operating system you are using, device identifiers, MAC address, and your IP address. We might collect information at the site you came from, or the site you visit when you leave us. We may collect and record page interaction information and other electronic communications and content from your use of the site (such as content entry, mouse movements, screen captures, the date, time, and location of your visit, what areas of the websites you visit and for how long, what search terms or other data you enter, and what products or content or links you view and click on), and methods used to browse away from the page. We may also embed technologies (which may include, for example, web beacons, tags, and pixels) in the emails and other communications we or our vendors send to you to help us understand how you interact with those messages, such as whether and when you opened a message or clicked on any content within the message. We may also collect information from your devices if they connect to, or are detected by, the wireless networks at our office(s). We may engage or otherwise permit other parties to also collect information in these ways.
We collect Location Information. We may automatically collect your GPS location when you access our websites. We also collect information about your general location, using your zip code or postcode and IP address.
We collect Payment Information. We may collect your credit and debit card, bank account information, and other payment details if you make a purchase or sign up for or through some of our services.
We collect Audio Information. We may record audio during customer service calls.
We collect Sensitive Personal Information. We may collect social security, driver’s license, state identification or passport data, or precise geolocation data, for the purposes described in this Privacy Policy.
We collect and develop Inferences. Using the other pieces of personal information collected about you, we may draw inferences about you, reflecting what we believe to be your preferences, characteristics, predispositions, and attitudes.
We collect Information You Submit, Provide, or Post. We may collect feedback and any other information you provide when you contact us.
How Do We Obtain Your Personal Information?
a. Personal information you give to us
i. When you use our websites
We collect personal information that you provide to us through our website – for example, on our “Contact Us” form, “Request a Demo” form, or other similar online form.
ii. When you use our services
We collect personal information, such as names, e-mail addresses, postal addresses, phone numbers, and job titles, in order to provide you with services (which may include support, professional services, training, etc.). For paid services, we will process financial data supplied to us, such as your bank details.
iii. Live events and web conferences
We host in-person conferences and live web conferences. We collect your name and contact information to provide you with information and services associated with the event and to stay connected with you thereafter.
iv. Publications
You may wish to subscribe to our publications without becoming a user of our services. You will need to create a “profile,” which involves providing limited information such as your name and email address.
You can manage your subscriptions by subscribing or unsubscribing at any time. If you have any difficulties managing your email or other communication preferences, please contact us at privacy@imanage.com.
b. Personal information we get from third parties
We may receive personal information about you from third parties. This happens if your employer is a user of our services or signs you up for training, certification, support, or an event. Our third-party partners may also disclose your personal information to us when you sign up for services through that partner.
We also collect personal information from publicly or commercially available sources, such as LinkedIn. Such personal information may include your name, address, email address, preferences, interests, and demographic data.
c. What happens if you do not give us your personal information
Much of the information on our websites is available to those who are not our registered users. However, some of your personal information is necessary so that we can supply you with the products or services you have requested and for verification purposes. Therefore, if you do not provide us with the personal information we need, then we may be unable to supply you with the requested products or the services.
Use of Our Websites
Our websites and services collect certain information automatically and store it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of our websites, including a history of the pages you view. We use this information to help us design our website and services to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our websites, analyze trends, track visitor movements, and gather broad demographic information to identify visitor preferences. Our websites also use cookies and web beacons. Our websites do not track users when they cross to third party websites, do not provide targeted advertising to them, and do not respond to Do Not Track (DNT) signals.
[ Back to the top ]
How Do We Use Your Personal Information?
Pursuant to data protection laws, we process your personal information where we have a legal basis to do so. The legal basis depends on the reason(s) necessary to process your information.
a. Performance of a contract
i. Applying for a job:
We process personal information necessary to assess your suitability for the job you apply for. The information collected may include identity and contact details, previous experience, education and references. Depending on the stage of the recruitment process, other information may be required, such as criminal records. On some occasions, we may need to process special categories of personal information where we have an employment law obligation to do so for your future employment with us. We use your personal information in this context based on processing necessary to perform a contract, or to take steps at your request before entering a contract – Article 6(1)(b) of the GDPR.
b. Legal obligation
We process personal information where we need to comply with a legal or regulatory obligation, such as: maintaining our records, for compliance checks, or screening and recording, for example, for anti-money laundering, financial and credit checks, fraud and crime prevention and detection, trade sanctions and embargo laws.
c. Legitimate interests
The legal basis we rely on to process your personal information in this specific situation is Article 6(1)(f) of the GDPR. We balance our legitimate interests and the interests of third parties against your rights and interests.
i. Services
We may use the personal information we collect from our customers and their users in connection with the services we provide for a range of reasons, such as:
- setting up a user account;
- providing, operating, and maintaining the services; or
- processing and completing transactions, and sending related information, including transaction confirmations and invoices.
We use your personal information in this context based on processing necessary to enter into, or to perform, a contract – Article 6(1)(b) of the GDPR.
ii. Websites or events
We will use the personal information we collect via our websites or from events:
- to administer our websites, our events and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;
- to improve our websites, to ensure that content is presented in the most effective manner for you and for your computer;
- for trend monitoring, marketing, and advertising;
- for purposes made clear to you at the time you submit your information; or
- as part of our efforts to keep our website secure.
Our use of your personal information may be based on our legitimate interest in ensuring network and information security and for our direct marketing purposes. Our websites may contain links to other sites. If you click on a third-party link, you will be directed to that site. No external site is operated by iManage and we advise you to review the privacy notice of any external site. iManage has no control over and assumes no responsibility for the content, privacy policies or practices of any third-party sites or services.
iii. Business efficacy
We have legitimate business interests, such as:
- improving our services and managing our relationships with customers;
- responding to inquiries;
- ensuring our systems and premises are secure;
- managing our supply chain;
- sharing personal information in connection with acquisitions and transfers of our business;
- complying with the law, for example, to comply with a search warrant, subpoena or court order, enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others;
- to address disputes, claims, or to persons demonstrating legal authority to act on your behalf;
- managing your use of the services, responding to enquiries and comments and providing customer service and support;
- sending you technical alerts, updates, security notifications, and administrative communications; or
- investigating and preventing fraudulent activities, unauthorized access to the services and other illegal activities.
d. Consent
When you subscribe to our newsletters and whitepapers you agree to sign up to our mailing lists. Furthermore, when you request a demo or register for a webinar, you agree to us providing you with the information you have requested.
You can withdraw this consent at any time by emailing privacy@imanage.com. The legal basis we rely on to process your personal information is Article 6(1)(a) of the GDPR.
e. No Automated Decision Making
Your personal information is not used in any automated decision making (a decision made solely by automated means without any human involvement) or profiling (automated processing of personal information to evaluate certain conditions about an individual).
f. iManage Work for Gmail
iManage Work for Gmail's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements therein.
[ Back to the top ]
How We Share Your Personal Information
We do not rent or sell your personal information; however, we do share and disclose personal information as described below.
a. iManage companies
We may share your personal information with any of the iManage companies to carry out our services to you.
b. Our service providers
We transfer personal information to service providers who perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies (e.g., Google Analytics), product feedback or help desk software providers (e.g.,Beamer and Zendesk), CRM service providers (e.g., Salesforce), marketing service providers (e.g., Marketo), revenue intelligence providers (e.g., Gong), and email service providers.
Where we receive your personal information and subsequently transfer that personal information to a third-party agent or service provider for processing, we require them to have sufficient guarantees in place to protect the privacy and confidentiality of the personal information.
c. Event or webinar sponsors
When you attend an event or webinar organized by us (such as ConnectLive), or download or access an asset on our website, we may share your personal information with sponsors of the event, webinar, and/or asset. If required by applicable law, you may consent to such sharing via the registration form or by allowing your badge to be scanned at a sponsor booth. In these circumstances, your personal information will be subject to the sponsor’s privacy statements. If you’d like to opt-out of the disclosure of your details with sponsors, you can always do so either at the time of registration, or by contacting us at privacy@imanage.com.
d. Business transfers
We may buy or sell parts of our business and transfer or receive customer information in connection with the evaluation of and entry into such transactions. Also, if we are acquired, go out of business, enter bankruptcy or go through some other change of control, personal information could be transferred to or acquired by a third party. It is our practice to seek appropriate protection for personal information in these types of transactions.
e. Advertising networks and analytics service providers
We share aggregated data about our customers and website visitors and disclose the results but not personal information to our marketing providers to assist us with marketing and promotional content.
Our websites may interface with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or share information from our websites through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal information.
f. Public authorities
Personal information may also be disclosed to law enforcement, regulatory, or other government agencies, in each case to comply with legal, regulatory, or national security obligations or requests.
Retention
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes for which we collected it. This includes satisfying any legal, regulatory, tax, accounting or reporting requirements. Regulatory provisions such as the Limitation Act 1980 or the VAT Act 1994 require us to keep some information such as contracts concluded with our customers or service delivery records for six (6) years after the end of a contract. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you. For further information about our retention periods please contact us at privacy@imanage.com.
International Data Transfers
Our headquarters are based in the United States. We also have a presence in Canada, the European Economic Area (“EEA”), the United Kingdom (“UK”), Australia and India. Personal information we collect from you will be primarily processed in the United States, the UK, and the EEA. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which any member of the iManage companies has operations for the purposes described in this Privacy Notice. We ensure that an adequate level of protection is provided for the protection of personal information by using one or more of the following approaches:
- We transfer personal information to countries that are covered by adequacy decisions or subject to an equivalent framework; or
- We enter into contractual provisions, e.g., Standard Contractual Clauses (SCCs), between us and the recipient, approved by the European Commission, to impose on the recipient the same protection and security obligations as if they were in the EEA.
If you are visiting our websites from the EEA, the UK, or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your personal information to the United States, the UK, and other jurisdictions in which we operate.
Data Privacy Framework Program
We comply with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the UK (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal information received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal information received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact dpo@imanage.com.
Under certain limited circumstances, individuals in the EEA, Switzerland and/or the UK may invoke binding DPF arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please visit https://www.dataprivacyframework.gov/.
If we have received your personal information under the DPF program and subsequently transfer it to a third-party service provider for processing, we will remain responsible if they process your personal information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
We are subject to the jurisdiction of the U.S. Federal Trade Commission for purposes of the DPF program.
The DPF program self-certification does not apply to processing in Australia or India.
[ Back to the top ]
Data Subject Rights
Under various data protection laws, you have certain rights, including:
- right of access: You can request that we disclose to you the categories of personal information we have collected about you, the categories of sources from which we collected the personal information, the categories of personal information we sold or disclosed, our business or commercial purpose for collecting, selling or sharing the personal information, the categories of third parties to whom we disclosed the personal information, and the specific pieces of personal information we collected about you;
- right to rectification: You can request that we complete or correct inaccurate personal information that we maintain about you, subject to certain exceptions;
- right to erasure: You can ask us to delete your personal information, subject to certain exceptions;
- right to restriction of processing: You can request that we restrict or suppress the processing of personal information, including our use and disclosure of sensitive personal information;
- right to object to processing: You can object to processing where there is a compelling reason to do so; and
- right to data portability: You can obtain and reuse personal information for your own purposes.
The rights available to you may depend on your location and where the processing of personal information takes place. In order to exercise the rights listed above, please contact us at dpo@imanage.com or toll free at (855) 353-4489 (ext. 10734). We will attempt to fulfill requests within one month. If we are unable to fulfil your request within one month, we will let you know that we require additional time as soon as possible. We may deny certain requests, or fulfill a request only in part, based on our legal rights and obligations. For example, we may retain personal information as permitted by law, such as to fulfill our legal obligations related to tax or other record keeping purposes.
We will take reasonable steps to verify your identity prior to responding to your requests. The verification steps may vary depending on the sensitivity of the personal information and whether you have an account with us. You may designate an authorized agent to make a request on your behalf. If you choose to submit a privacy request through an authorized agent, we may require that you provide the agent with written permission to do so and that the agent verify their own identity with us. If your privacy request is submitted by an agent without proof that they have been authorized by you to act on your behalf in accordance with applicable law, we may deny the request. We also reserve the right, in our sole discretion, to reach out to you directly to confirm that the agent is in fact authorized to make this request on your behalf to the extent allowable under applicable law, including where verification is insufficient or the nature of the personal information subject to the request is sensitive in nature.
iManage will not discriminate against you because you made any lawful request. You are not required to pay any charge for exercising your rights, unless your request is unfounded, repetitive or excessive. In the event that your request is unfounded, repetitive or excessive, or if we are not in a position to identify you, we can refuse to act on your request, or charge a reasonable fee.
Direct Marketing Communications
Where consent is used for direct marketing communications, you have the right to withdraw consent at any time. We provide “unsubscribe” links in all communications.
California Residents
In addition to the rights outlined above, if you reside in California, you have the right to ask us once each year if we have shared personal information with third parties for their direct marketing purposes. To make a request, please send us an email privacy@imanage.com. Indicate in your letter that you are a California resident making a “Shine the Light” inquiry.
Virginia Residents
In addition to the rights outlined above, if you reside in Virginia and you are not satisfied with the outcome of your request, you may submit an appeal by sending an email to dpo@imanage.com with “Virginia Appeal” in the subject line.
Security of Your Personal Information
To help protect the privacy of personal information you transmit to us, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal information to those employees who need to know that personal information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your personal information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
[ Back to the top ]
Children's Privacy
We do not knowingly collect or solicit personal information from anyone under the age of 16. If you are under 16, please do not attempt to register for the services or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us personal information, please contact us at privacy@imanage.com.
[ Back to the top ]
Changes to This Privacy Notice
We will post the revised Privacy Notice here, with an updated revision date. If we make significant changes to this Privacy Notice that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website or social media pages. Your continued use of our websites or services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Notice periodically for updates. This Privacy Notice was last updated on 23 August 2024 (with previous edits on 13 September 2024, 20 March 2023, 3 November 2022, 19 February 2021, 3 December 2020, 30 December 2019, and in August 2019, May 2019 and May 2018).
[ Back to the top ]
Contacting Us & How to Make A Complaint
We value your opinions. If you have comments or questions about this Privacy Notice, please send them to privacy@imanage.com or write to us at the address below. We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
Regulatory complaints and redress
Depending on your location, you may have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement.
iManage Contact Details
iManage LLC
Privacy
71 South Wacker Drive, 4th Floor
Chicago, IL 60606
iManage EMEA Limited
Privacy
1 Phipp Street
London EC2A 4PS
Data Protection Officer Contact Details
HewardMills Ltd
77 Farringdon Road
London
EC1M 3JU
+44 (0) 20 4540 5853
EU Representative Contact Details
We have appointed a representative in the EU. You can contact them by post at Mishcon de Reya Representative Services (Europe) Limited,2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin, 4 D04 XN32, Ireland, or by email at representative@mishcon.com.
[ Back to the top ]