iManage LLC, our parent companies, subsidiaries, and affiliates (collectively, the “iManage companies” or “we”, “us” or “our”) respect your privacy. This “Privacy Notice” informs you of our privacy practices and how your personal information is collected and used by us, and it also informs you of your rights and the options available to you. Where we determine the purposes and means of processing personal information, we act as the data controller. For users located in the EEA, the term personal information used in this Privacy Notice is equivalent to the term “personal data” under the General Data Protection Regulation (“GDPR”).
This Privacy Notice is readily available on our home page found at https://imanage.com and at the bottom of our other web pages.
Our websites and services collect certain information automatically and store it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of our websites, including a history of the pages you view.
We use this information to help us design our website and services to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our websites, analyze trends, track visitor movements, and gather broad demographic information to identify visitor preferences.
Our websites also use cookies and web beacons. Our websites do not track users when they cross to third-party websites, do not provide targeted advertising to them, and do not respond to Do Not Track (DNT) signals.
[ Back to the top ]
Pursuant to data protection laws, we process your personal information where we have a legal basis to do so. The legal basis depends on the reason(s) necessary to process your information.
We process personal information where we need to comply with a legal or regulatory obligation, such as: maintaining our records, for compliance checks, or screening and recording, for example, for anti-money laundering, financial and credit checks, fraud and crime prevention and detection, trade sanctions and embargo laws.
The legal basis we rely on to process your personal information in this specific situation is Article 6(1)(f) of the GDPR. We balance our legitimate interests and the interests of third parties against your rights and interests.
We may use the personal information we collect from our customers and their users in connection with the services we provide for a range of reasons, such as:
We use your personal information in this context based on processing necessary to enter into, or to perform, a contract – Article 6(1)(b) of the GDPR.
We will use the personal information we collect via our websites or from events:
Our use of your personal information may be based on our legitimate interest to ensure network and information security and for our direct marketing purposes. Our websites may contain links to other sites. If you click on a third-party link, you will be directed to that site. Any external site is not operated by iManage and we advise you to review the privacy notice of any external site. iManage has no control over and assumes no responsibility for the content, privacy policies or practices of any third-party sites or services.
We have legitimate business interests, such as:
When you subscribe to our newsletters and whitepapers you agree to sign up to our mailing lists. Furthermore, when you request a demo or register for a webinar, you agree to us providing you with the information you have requested.
You can withdraw this consent at any time by emailing privacy@imanage.com. The legal basis we rely on to process your personal information is Article 6(1)(a) of the GDPR.
Your personal information is not used in any automated decision making (a decision made solely by automated means without any human involvement) or profiling (automated processing of personal information to evaluate certain conditions about an individual).
[ Back to the top ]
We do not rent or sell your personal information; however, we do share and disclose personal information as described below.
We may share your personal information with any of the iManage companies to carry out our services to you.
We transfer personal information to service providers who perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies (e.g., Google Analytics), product feedback or help desk software providers (e.g., Zendesk), CRM service providers (e.g., Salesforce), marketing service providers (e.g., Marketo), revenue intelligence providers (e.g., Gong), and email service providers.
Where we receive your personal information and subsequently transfer that personal information to a third-party agent or service provider for processing, we require them to have sufficient guarantees in place to protect the privacy and confidentiality of the personal information.
When you attend an event or webinar organized by us (such as ConnectLive) we ask your preferences on sharing your contact details with the sponsor(s). Based on your choice, we may share your contact details (such as your name, email address, company name and phone number) with the sponsor(s). If you’d like to opt-out of sharing of your details with sponsors, you can always do so either at the time of registration, or by contacting us at privacy@imanage.com.
We may buy or sell parts of our business and transfer or receive customer information in connection with the evaluation of and entry into such transactions. Also, if we are acquired, go out of business, enter bankruptcy or go through some other change of control, personal information could be transferred to or acquired by a third party. It is our practice to seek appropriate protection for personal information in these types of transactions.
We share aggregated data about our customers and website visitors and disclose the results but not personal information to our marketing providers to assist us with marketing and promotional content.
Our websites may interface with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or share information from our websites through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal information.
[ Back to the top ]
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes for which we collected it. This includes satisfying any legal, regulatory, tax, accounting or reporting requirements. Regulatory provisions such as the Limitation Act 1980 or the VAT Act 1994 require us to keep some information such as contracts concluded with our customers or service delivery records for six (6) years after the end of a contract.
We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you. For further information about our retention periods please contact us at privacy@imanage.com.
[ Back to the top ]
Our headquarters are based in the United States. We also have a presence in Canada, the European Economic Area (“EEA”), the United Kingdom, Australia and India. Personal information we collect from you will be primarily processed in the United States, the United Kingdom, and the EEA. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which any member of the iManage companies has operations for the purposes described in this Privacy Notice. We ensure that an adequate level of protection is provided for the protection of personal information by using one or more of the following approaches:
If you are visiting our websites from the EEA or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your personal information to the United States, the United Kingdom, and other jurisdictions in which we operate.
Following the Court of Justice of the European Union’s invalidation of the EU-US Privacy Shield Framework in Case C-311/18, we will no longer rely on the EU-US Privacy Shield as a mechanism of international data transfer until further notice.
We will however remain committed to maintaining our self-certification under the EU-US Privacy Shield Principles and respect its principles, as an additional measure of protection of our users’ privacy, until further notice.
Following the opinion of the Swiss Federal Data Protection and Information Commissioner (FDPIC) of 8 September 2020, we will no longer rely on the Swiss-U.S. Privacy Shield as a mechanism of international data transfer until further notice. We will however remain committed to maintaining our self-certification under the Swiss Privacy Shield Principles and respect its principles, as an additional measure of protection of our users’ privacy, until further notice.
As stated above:
We comply with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
We are subject to the jurisdiction of the U.S. Federal Trade Commission for purposes of Privacy Shield enforcement.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at DPO@iManage.com.
We have further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning personal information (including both human resources data and personal information that is not human resources data) transferred from the EU.
Under certain limited circumstances, individuals in the EEA may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please visit https://www.privacyshield.gov/.
If we have received your personal information under the Privacy Shield and subsequently transfer it to a third-party service provider for processing, we will remain responsible if they process your personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
The Privacy Shield self-certification does not apply to processing in Australia or India.
[ Back to the top ]
Under data protection laws, you have various rights, such as:
The rights available to you may depend on your location and where the processing of personal information takes place. Please contact us at dpo@imanage.com if you want to exercise your rights.
You are not required to pay any charge for exercising your rights, unless your request is unfounded, repetitive or excessive. We will respond to any requests within one month. If we are unable to respond to your request within one month, we will let you know as soon as possible. In the event that your request is unfounded, repetitive or excessive, or if we are not in a position to identify you, we can refuse to act on your request, or charge a reasonable fee.
Where consent is used for direct marketing communications, you have the right to withdraw consent at any time. We provide “unsubscribe” links in all communications.
California residents have the right to know what personal information the business collects, discloses and/or sells if applicable. Under the California Consumer Privacy Act (“CCPA”), consumers have the right to access what personal information has been collected about them by making a verifiable consumer request.
Once we confirm your verifiable consumer request, we will share with you the categories of personal information that we have collected about you in the preceding 12 months, the categories of sources for the personal information we collected, the business or commercial purpose for which the personal information was collected, the categories of our affiliates and/or third parties with whom we share this information, and specific pieces of personal information we collected about you.
If we have sold your information (as defined in the section 1798.140(t) of the CCPA) or disclosed it for a business purpose, we will disclose the sales and disclosures, specifying the personal information category that was sold or disclosed to our affiliates and/or third parties. Furthermore, we will disclose the categories of third parties with whom the information was sold and/or disclosed.
iManage has not sold (as the term is defined in section 1798.140(t) of the CCPA) personal information in the past 12 months.
As a California resident you have the right to opt out of the sale of your personal information at any time. Subject to some exceptions, you have the right to request that we delete your personal information. You have the right to request that your personal information is transferred to a third party. We will not discriminate against you for exercising your CCPA rights.
Our business operates exclusively online. If you are a California resident and would like to submit a consumer request, please submit a written request to DPO@imanage.com.
[ Back to the top ]
To help protect the privacy of personal information you transmit to us, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal information to those employees who need to know that personal information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your personal information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
[ Back to the top ]
We do not knowingly collect or solicit personal information from anyone under the age of 16. If you are under 16, please do not attempt to register for the services or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us personal information, please contact us at privacy@imanage.com.
[ Back to the top ]
We will post the revised Privacy Notice here, with an updated revision date. If we make significant changes to this Privacy Notice that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website or social media pages. Your continued use of our websites or services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Notice periodically for updates. This Privacy Notice was last updated on 19 February 2021 (with previous edits on 3 December 2020, 30 December 2019, and in August 2019, May 2019 and May 2018).
We value your opinions. If you have comments or questions about this Privacy Notice, please send them to privacy@imanage.com or write to us at the address below. We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.
Depending on your location, you may have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement.
Privacy
540 West Madison, Suite 300
Chicago, IL 60661
Privacy
1 Phipp Street
London EC2A 4PS
privacy@imanage.com
HewardMills Ltd
77 Farringdon Road
London
EC1M 3JU
+44 (0) 20 3367 1245 or +353 (0) 1669 4642
We have appointed a representative in the EU. You can contact them by post at Taylor Vinters Europe Limited, Clifton House, Fitzwilliam Street Lower, Dublin, Dublin, D02 Xt91, Ireland, or by email at representative@taylorvinters.com.