Menu

Privacy Notice

Table of Contents

 

Scope of this Privacy Notice

iManage LLC, our parent companies, subsidiaries, and affiliates (collectively, the “iManage companies” or “we”, “us” or “our”) respect your privacy. This “Privacy Notice” informs you of our privacy practices and how your personal information is collected and used by us, and it also informs you of your rights and the options available to you. Where we determine the purposes and means of processing personal information, we act as the data controller. For users located in the EEA, the term personal information used in this Privacy Notice is equivalent to the term “personal data” under the General Data Protection Regulation (“GDPR”).

This Privacy Notice is readily available on our home page found at https://imanage.com and at the bottom of our other web pages.

What personal information do we collect?

Personal information you give to us

  1. When you use our websites. We may collect any personal information that you choose to send to us or provide to us, for example, on our “Contact Us,” “Request a Demo” or similar online form. 
  2. When you use our services. We collect personal information, such as names, e-mail addresses, postal addresses, phone numbers, and job titles, in order to provide you with services (which may include support, professional services, training, etc.). For paid services, we will process financial data supplied to us, such as your bank details.
  3. Live events and web conferences. We host in-person conferences and live web conferences. We collect your name and contact information to provide you with information and services associated with the event.
  4. Publications. You may wish to subscribe to our publications without becoming a user of our services. You will need to create a “profile,” which involves providing limited information such as your name and email address.
    You can manage your subscriptions by subscribing or unsubscribing at any time. If you have any difficulties managing your email or other communication preferences, please contact us at privacy@imanage.com.

Personal information we get from third parties 

  • We may receive personal information about you from third parties. This happens if your employer is a user of our services or signs you up for training, certification, support, or an event. Our third-party partners may also share your personal information with us when you sign up for services through that partner.
    We also collect personal information from publicly or commercially available sources, such as LinkedIn. Such personal information may include your name, address, email address, preferences, interests, and demographic data.​

What happens if you don’t give us your personal information. 

  • Much of the information on our websites is available to those who are not our registered users. However, some of your personal information is necessary so that we can supply you with the products or services you have requested and for verification purposes. Therefore, if you don’t provide us with the personal information we need, then we may be unable to supply you with the requested products or the services.​

Use of our websites

Our websites and services collect certain information automatically and store it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of our websites, including a history of the pages you view.

We use this information to help us design our website and services to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our websites, analyze trends, track visitor movements, and gather broad demographic information to identify visitor preferences.

Our websites also use cookies and web beacons. Our websites do not track users when they cross to third-party websites, do not provide targeted advertising to them, and do not respond to Do Not Track (DNT) signals.

[ Back to the top ]

 

How do we use your personal information

Pursuant to data protection laws, we process your personal information where we have a legal basis to do so. The legal basis depends on the reason(s) necessary to process your information.

Performance of a contract

  1. Applying for a job: We process personal information necessary to assess your suitability for the job you apply for. The information collected may include identity and contact details, previous experience, education and references. Depending on the stage of the recruiting process, other information may be required, such as criminal records. On some occasions, we may need to process special categories of personal data where we have an employment law obligation to do so for your future employment with us. We use your personal information in this context based on processing necessary to perform a contract, or to take steps at your request before entering a contract – Article 6(1)(b) of the GDPR.

Legal obligation

We process personal information where we need to comply with a legal or regulatory obligation, such as: maintaining our records, for compliance checks, or screening and recording, for example, for anti-money laundering, financial and credit checks, fraud and crime prevention and detection, trade sanctions and embargo laws.

Legitimate interests

The legal basis we rely on to process your personal information in this specific situation is Article 6(1)(f) of the GDPR. We balance our legitimate interests and the interests of third parties against your rights and interests.

Services 

We may use the personal information we collect from our customers and their users in connection with the services we provide for a range of reasons, such as:

  • setting up a user account;
  • providing, operating and maintaining the services; or
  • processing and completing transactions, and sending related information, including transaction confirmations and invoices.

We use your personal information in this context based on processing necessary to enter into, or to perform, a contract – Article 6(1)(b) of the GDPR.

Websites or events

We will use the personal information we collect via our websites or from events:

  • to administer our websites, our events and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;
  • to improve our websites, to ensure that content is presented in the most effective manner for you and for your computer;
  • for trend monitoring, marketing and advertising;
  • for purposes made clear to you at the time you submit your information; or
  • as part of our efforts to keep our website secure.

Our use of your personal information may be based on our legitimate interest to ensure network and information security and for our direct marketing purposes. Our websites may contain links to other sites. If you click on a third-party link, you will be directed to that site. Any external site is not operated by iManage and we advise you to review the privacy notice of any external site. iManage has no control over and assumes no responsibility for the content, privacy policies or practices of any third-party sites or services.

Business efficacy

We have legitimate business interests, such as:

  • improving our services and managing our relationships with customers;
  • responding to inquiries;
  • ensuring our systems and premises are secure;
  • managing our supply chain;
  • sharing personal information in connection with acquisitions and transfers of our business;
  • complying with the law, for example, to comply with a search warrant, subpoena or court order, enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others;
  • to address disputes, claims, or to persons demonstrating legal authority to act on your behalf;
  • managing your use of the services, responding to enquiries and comments and providing customer service and support;
  • sending you technical alerts, updates, security notifications, and administrative communications; or
  • investigating and preventing fraudulent activities, unauthorized access to the services and other illegal activities.

Consent

When you subscribe to our newsletters and whitepapers you agree to sign up to our mailing lists. Furthermore, when you request a demo or register for a webinar, you agree to us providing you with the information you have requested.

You can withdraw this consent at any time by emailing privacy@imanage.com. The legal basis we rely on to process your personal information is Article 6(1)(a) of the GDPR.

No Automated Decision Making

Your personal information is not used in any automated decision making (a decision made solely by automated means without any human involvement) or profiling (automated processing of personal information to evaluate certain conditions about an individual).

[ Back to the top ]

 

How we share your personal information

We do not rent or sell your personal information; however, we do share and disclose personal information as described below.

iManage companies

We may share your personal information with any of the iManage companies to carry out our services to you.

Our service providers

We transfer personal information to service providers who perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies (e.g., Google Analytics), product feedback or help desk software providers (e.g., Zendesk), CRM service providers (e.g., Salesforce), marketing service providers (e.g., Marketo), revenue intelligence providers (e.g., Gong), and email service providers.

Where we receive your personal information and subsequently transfer that personal information to a third-party agent or service provider for processing, we require them to have sufficient guarantees in place to protect the privacy and confidentiality of the personal information.

Event or webinar sponsors

When you attend an event or webinar organized by us (such as ConnectLive) we ask your preferences on sharing your contact details with the sponsor(s). Based on your choice, we may share your contact details (such as your name, email address, company name and phone number) with the sponsor(s). If you’d like to opt-out of sharing of your details with sponsors, you can always do so either at the time of registration, or by contacting us at privacy@imanage.com.

Business transfers

We may buy or sell parts of our business and transfer or receive customer information in connection with the evaluation of and entry into such transactions. Also, if we are acquired, go out of business, enter bankruptcy or go through some other change of control, personal information could be transferred to or acquired by a third party. It is our practice to seek appropriate protection for personal information in these types of transactions.

Advertising networks and analytics service providers

We share aggregated data about our customers and website visitors and disclose the results but not personal information to our marketing providers to assist us with marketing and promotional content.

Our websites may interface with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or share information from our websites through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal information.

[ Back to the top ]

 

Retention

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes for which we collected it. This includes satisfying any legal, regulatory, tax, accounting or reporting requirements. Regulatory provisions such as the Limitation Act 1980 or the VAT Act 1994 require us to keep some information such as contracts concluded with our customers or service delivery records for six (6) years after the end of a contract.

We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you. For further information about our retention periods please contact us at privacy@imanage.com.

[ Back to the top ]

International Data Transfers

Our headquarters are based in the United States. We also have a presence in Canada, the European Economic Area (“EEA”), the United Kingdom, Australia and India. Personal information we collect from you will be primarily processed in the United States, the United Kingdom, and the EEA. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which any member of the iManage companies has operations for the purposes described in this Privacy Notice. We ensure that an adequate level of protection is provided for the protection of personal information by using one or more of the following approaches:

  • We transfer personal information to countries that are covered by adequacy decisions; or
  • We enter into contractual provisions, e.g., Standard Contractual Clauses (SCCs), between us and the recipient, approved by the European Commission, to impose on the recipient the same protection and security obligations as if they were in the EEA. 

If you are visiting our websites from the EEA or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your personal information to the United States, the United Kingdom, and other jurisdictions in which we operate.

Following the Court of Justice of the European Union’s invalidation of the EU-US Privacy Shield Framework in Case C-311/18, we will no longer rely on the EU-US Privacy Shield as a mechanism of international data transfer until further notice.

We will however remain committed to maintaining our self-certification under the EU-US Privacy Shield Principles and respect its principles, as an additional measure of protection of our users’ privacy, until further notice.

Following the opinion of the Swiss Federal Data Protection and Information Commissioner (FDPIC) of 8 September 2020, we will no longer rely on the Swiss-U.S. Privacy Shield as a mechanism of international data transfer until further notice. We will however remain committed to maintaining our self-certification under the Swiss Privacy Shield Principles and respect its principles, as an additional measure of protection of our users’ privacy, until further notice.

Privacy Shield Frameworks

As stated above:

  • despite the Court of Justice of the European Union’s invalidation of the EU-US Privacy Shield Framework as a mechanism for transfers of personal data between the EU and the U.S. in Case C-311/18, we intend to maintain our self-certification under the EU-US Privacy Shield Framework and remain committed to complying with the Privacy Shield Principles; and
  • despite the opinion of the Swiss Federal Data Protection and Information Commissioner (FDPIC) of 8 September 2020, we intend to maintain our self-certification under the Swiss Privacy Shield Framework and remain committed to complying with its Principles.

We comply with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

We are subject to the jurisdiction of the U.S. Federal Trade Commission for purposes of Privacy Shield enforcement.

In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at DPO@iManage.com.

We have further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning personal information (including both human resources data and personal information that is not human resources data) transferred from the EU.

Under certain limited circumstances, individuals in the EEA may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please visit https://www.privacyshield.gov/.

If we have received your personal information under the Privacy Shield and subsequently transfer it to a third-party service provider for processing, we will remain responsible if they process your personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.

The Privacy Shield self-certification does not apply to processing in Australia or India.

[ Back to the top ]

 

Data subject rights

Under data protection laws, you have various rights, such as:

  • right of access: this gives you the right to ask us for copies of any of your personal information that is in our possession;
  • right to rectification: this allows you to rectify and complete information that you think is inaccurate or incomplete;
  • right to erasure: this gives you the right to ask us to erase your personal information, if the circumstances allow;
  • right to restriction of processing: this gives you the right to restrict or suppress the processing of personal data;
  • right to object to processing: this gives you the right to object to processing where there is a compelling reason to do so; and
  • right to data portability: this gives you the right to obtain and reuse personal data for your own purposes.

The rights available to you may depend on your location and where the processing of personal information takes place. Please contact us at dpo@imanage.com if you want to exercise your rights.

You are not required to pay any charge for exercising your rights, unless your request is unfounded, repetitive or excessive. We will respond to any requests within one month. If we are unable to respond to your request within one month, we will let you know as soon as possible. In the event that your request is unfounded, repetitive or excessive, or if we are not in a position to identify you, we can refuse to act on your request, or charge a reasonable fee.

Direct Marketing Communications

Where consent is used for direct marketing communications, you have the right to withdraw consent at any time. We provide “unsubscribe” links in all communications.

California Residents

California residents have the right to know what personal information the business collects, discloses and/or sells if applicable. Under the California Consumer Privacy Act (“CCPA”), consumers have the right to access what personal information has been collected about them by making a verifiable consumer request.

Once we confirm your verifiable consumer request, we will share with you the categories of personal information that we have collected about you in the preceding 12 months, the categories of sources for the personal information we collected, the business or commercial purpose for which the personal information was collected, the categories of our affiliates and/or third parties with whom we share this information, and specific pieces of personal information we collected about you.

If we have sold your information (as defined in the section 1798.140(t) of the CCPA) or disclosed it for a business purpose, we will disclose the sales and disclosures, specifying the personal information category that was sold or disclosed to our affiliates and/or third parties. Furthermore, we will disclose the categories of third parties with whom the information was sold and/or disclosed.

iManage has not sold (as the term is defined in section 1798.140(t) of the CCPA) personal information in the past 12 months.

As a California resident you have the right to opt out of the sale of your personal information at any time. Subject to some exceptions, you have the right to request that we delete your personal information. You have the right to request that your personal information is transferred to a third party. We will not discriminate against you for exercising your CCPA rights.

Our business operates exclusively online. If you are a California resident and would like to submit a consumer request, please submit a written request to DPO@imanage.com.

[ Back to the top ]

 

Security of your personal information

To help protect the privacy of personal information you transmit to us, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal information to those employees who need to know that personal information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your personal information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

[ Back to the top ]

 

Children’s privacy

We do not knowingly collect or solicit personal information from anyone under the age of 16. If you are under 16, please do not attempt to register for the services or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us personal information, please contact us at privacy@imanage.com.

[ Back to the top ]

 

Changes to this Privacy Notice

We will post the revised Privacy Notice here, with an updated revision date. If we make significant changes to this Privacy Notice that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website or social media pages. Your continued use of our websites or services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Notice periodically for updates. This Privacy Notice was last updated on 19 February 2021 (with previous edits on 3 December 2020, 30 December 2019, and in August 2019, May 2019 and May 2018).

[ Back to the top

Contacting Us & How to Make a Complaint

We value your opinions. If you have comments or questions about this Privacy Notice, please send them to privacy@imanage.com or write to us at the address below. We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.

Regulatory complaints and redress

Depending on your location, you may have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement.

iManage Contact Details

iManage LLC

Privacy

540 West Madison, Suite 300

Chicago, IL 60661

privacy@imanage.com

 

iManage EMEA Limited

Privacy

1 Phipp Street

London EC2A 4PS

privacy@imanage.com

 

Data Protection Officer Contact Details

HewardMills Ltd

77 Farringdon Road

London

EC1M 3JU

dpo@imanage.com

+44 (0)20 3998 1840

EU Representative Contact Details

We have appointed a representative in the EU. You can contact them by post at Taylor Vinters Europe Limited, Clifton House, Fitzwilliam Street Lower, Dublin, Dublin, D02 Xt91, Ireland, or by email at representative@taylorvinters.com.

[ Back to the top ]