Privacy Notice

Table of Contents

• Scope of this Privacy Notice
• How we collect and use your personal information
• Use of our website
• How do we use your personal information
• How we share your personal information
• Retention
• International data transfers
• Data subject rights
• Security of your personal information
• Children's Privacy

Scope of this Privacy Notice

iManage LLC, our parent companies, subsidiaries, and affiliates (collectively, the “iManage companies” or “we”, “us” or “our”) respect your privacy. This “Privacy Notice” informs you of our privacy practices and how your personal information is collected and used by us, and it also informs you of your rights and the options available to you. Where we determine the purposes and means of processing personal information, we act as the data controller. For users located in the EEA, the term personal information used in this Privacy Notice is equivalent to the term “personal data” under the General Data Protection Regulation (“GDPR”).

This Privacy Notice is readily available on our home page found at https://imanage.com and at the bottom of our other web pages.

What personal information do we collect?

Personal information you give to us

1. 1. When you use our websites. We may collect any personal information that you choose to send to us or provide to us, for example, on our “Contact Us,” “Request a Demo” or similar online form. 
   2. When you use our services. We collect personal information, such as names, e-mail addresses, postal addresses, phone numbers, and job titles, in order to provide you with services (which may include support, professional services, training, etc.). For paid services, we will process financial data supplied to us, such as your bank details.
   3. Live events and web conferences. We host in-person conferences and live web conferences. We collect your name and contact information to provide you with information and services associated with the event.
   4. Publications. You may wish to subscribe to our publications without becoming a user of our services. You will need to create a “profile,” which involves providing limited information such as your name and email address.
      You can manage your subscriptions by subscribing or unsubscribing at any time. If you have any difficulties managing your email or other communication preferences, please contact us at privacy@imanage.com.

Personal information we get from third parties 

Use of our websites

Our websites and services collect certain information automatically and store it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of our websites, including a history of the pages you view.

We use this information to help us design our website and services to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our websites, analyze trends, track visitor movements, and gather broad demographic information to identify visitor preferences.

Our websites also use cookies and web beacons. Our websites do not track users when they cross to third-party websites, do not provide targeted advertising to them, and do not respond to Do Not Track (DNT) signals.

[ Back to the top ]

How do we use your personal information

Pursuant to data protection laws, we process your personal information where we have a legal basis to do so. The legal basis depends on the reason(s) necessary to process your information.

Performance of a contract

1. Applying for a job: We process personal information necessary to assess your suitability for the job you apply for. The information collected may include identity and contact details, previous experience, education and references. Depending on the stage of the recruiting process, other information may be required, such as criminal records. On some occasions, we may need to process special categories of personal data where we have an employment law obligation to do so for your future employment with us. We use your personal information in this context based on processing necessary to perform a contract, or to take steps at your request before entering a contract – Article 6(1)(b) of the GDPR.

Legal obligation

We process personal information where we need to comply with a legal or regulatory obligation, such as: maintaining our records, for compliance checks, or screening and recording, for example, for anti-money laundering, financial and credit checks, fraud and crime prevention and detection, trade sanctions and embargo laws.

Legitimate interests

The legal basis we rely on to process your personal information in this specific situation is Article 6(1)(f) of the GDPR. We balance our legitimate interests and the interests of third parties against your rights and interests.

Services 

We may use the personal information we collect from our customers and their users in connection with the services we provide for a range of reasons, such as:

• setting up a user account;
• providing, operating and maintaining the services; or
• processing and completing transactions, and sending related information, including transaction confirmations and invoices.

We use your personal information in this context based on processing necessary to enter into, or to perform, a contract – Article 6(1)(b) of the GDPR.

Websites or events

We will use the personal information we collect via our websites or from events:

• to administer our websites, our events and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;
• to improve our websites, to ensure that content is presented in the most effective manner for you and for your computer;
• for trend monitoring, marketing and advertising;
• for purposes made clear to you at the time you submit your information; or
• as part of our efforts to keep our website secure.

Our use of your personal information may be based on our legitimate interest to ensure network and information security and for our direct marketing purposes. Our websites may contain links to other sites. If you click on a third-party link, you will be directed to that site. Any external site is not operated by iManage and we advise you to review the privacy notice of any external site. iManage has no control over and assumes no responsibility for the content, privacy policies or practices of any third-party sites or services.

Business efficacy

We have legitimate business interests, such as:

• improving our services and managing our relationships with customers;
• responding to inquiries;
• ensuring our systems and premises are secure;
• managing our supply chain;
• sharing personal information in connection with acquisitions and transfers of our business;
• complying with the law, for example, to comply with a search warrant, subpoena or court order, enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others;
• to address disputes, claims, or to persons demonstrating legal authority to act on your behalf;
• managing your use of the services, responding to enquiries and comments and providing customer service and support;
• sending you technical alerts, updates, security notifications, and administrative communications; or
• investigating and preventing fraudulent activities, unauthorized access to the services and other illegal activities.

Consent

When you subscribe to our newsletters and whitepapers you agree to sign up to our mailing lists. Furthermore, when you request a demo or register for a webinar, you agree to us providing you with the information you have requested.

You can withdraw this consent at any time by emailing privacy@imanage.com. The legal basis we rely on to process your personal information is Article 6(1)(a) of the GDPR.

No Automated Decision Making

Your personal information is not used in any automated decision making (a decision made solely by automated means without any human involvement) or profiling (automated processing of personal information to evaluate certain conditions about an individual).

[ Back to the top ]

How we share your personal information

We do not rent or sell your personal information; however, we do share and disclose personal information as described below.

iManage companies

We may share your personal information with any of the iManage companies to carry out our services to you.

Our service providers

We transfer personal information to service providers who perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies (e.g., Google Analytics), product feedback or help desk software providers (e.g., Zendesk), CRM service providers (e.g., Salesforce), marketing service providers (e.g., Marketo), revenue intelligence providers (e.g., Gong), and email service providers.

Where we receive your personal information and subsequently transfer that personal information to a third-party agent or service provider for processing, we require them to have sufficient guarantees in place to protect the privacy and confidentiality of the personal information.

Event or webinar sponsors

When you attend an event or webinar organized by us (such as ConnectLive) we ask your preferences on sharing your contact details with the sponsor(s). Based on your choice, we may share your contact details (such as your name, email address, company name and phone number) with the sponsor(s). If you’d like to opt-out of sharing of your details with sponsors, you can always do so either at the time of registration, or by contacting us at privacy@imanage.com.

Business transfers

We may buy or sell parts of our business and transfer or receive customer information in connection with the evaluation of and entry into such transactions. Also, if we are acquired, go out of business, enter bankruptcy or go through some other change of control, personal information could be transferred to or acquired by a third party. It is our practice to seek appropriate protection for personal information in these types of transactions.

Advertising networks and analytics service providers

We share aggregated data about our customers and website visitors and disclose the results but not personal information to our marketing providers to assist us with marketing and promotional content.

Our websites may interface with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or share information from our websites through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal information.

Retention

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes for which we collected it. This includes satisfying any legal, regulatory, tax, accounting or reporting requirements. Regulatory provisions such as the Limitation Act 1980 or the VAT Act 1994 require us to keep some information such as contracts concluded with our customers or service delivery records for six (6) years after the end of a contract.

We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you. For further information about our retention periods please contact us at privacy@imanage.com.

[ Back to the top ]

International Data Transfers

Our headquarters are based in the United States. We also have a presence in Canada, the European Economic Area (“EEA”), the United Kingdom, Australia and India. Personal information we collect from you will be primarily processed in the United States, the United Kingdom, and the EEA. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which any member of the iManage companies has operations for the purposes described in this Privacy Notice. We ensure that an adequate level of protection is provided for the protection of personal information by using one or more of the following approaches:

• We transfer personal information to countries that are covered by adequacy decisions; or
• We enter into contractual provisions, e.g., Standard Contractual Clauses (SCCs), between us and the recipient, approved by the European Commission, to impose on the recipient the same protection and security obligations as if they were in the EEA. 

If you are visiting our websites from the EEA or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your personal information to the United States, the United Kingdom, and other jurisdictions in which we operate.

Following the Court of Justice of the European Union’s invalidation of the EU-US Privacy Shield Framework in Case C-311/18, we will no longer rely on the EU-US Privacy Shield as a mechanism of international data transfer until further notice.

We will however remain committed to maintaining our self-certification under the EU-US Privacy Shield Principles and respect its principles, as an additional measure of protection of our users’ privacy, until further notice.

Following the opinion of the Swiss Federal Data Protection and Information Commissioner (FDPIC) of 8 September 2020, we will no longer rely on the Swiss-U.S. Privacy Shield as a mechanism of international data transfer until further notice. We will however remain committed to maintaining our self-certification under the Swiss Privacy Shield Principles and respect its principles, as an additional measure of protection of our users’ privacy, until further notice.

Data subject rights

Under data protection laws, you have various rights, such as:

• right of access: this gives you the right to ask us for copies of any of your personal information that is in our possession;
• right to rectification: this allows you to rectify and complete information that you think is inaccurate or incomplete;
• right to erasure: this gives you the right to ask us to erase your personal information, if the circumstances allow;
• right to restriction of processing: this gives you the right to restrict or suppress the processing of personal data;
• right to object to processing: this gives you the right to object to processing where there is a compelling reason to do so; and
• right to data portability: this gives you the right to obtain and reuse personal data for your own purposes.

The rights available to you may depend on your location and where the processing of personal information takes place. Please contact us at dpo@imanage.com if you want to exercise your rights.

You are not required to pay any charge for exercising your rights, unless your request is unfounded, repetitive or excessive. We will respond to any requests within one month. If we are unable to respond to your request within one month, we will let you know as soon as possible. In the event that your request is unfounded, repetitive or excessive, or if we are not in a position to identify you, we can refuse to act on your request, or charge a reasonable fee.

Direct Marketing Communications

Where consent is used for direct marketing communications, you have the right to withdraw consent at any time. We provide “unsubscribe” links in all communications.

California Residents

California residents have the right to know what personal information the business collects, discloses and/or sells if applicable. Under the California Consumer Privacy Act (“CCPA”), consumers have the right to access what personal information has been collected about them by making a verifiable consumer request.

Once we confirm your verifiable consumer request, we will share with you the categories of personal information that we have collected about you in the preceding 12 months, the categories of sources for the personal information we collected, the business or commercial purpose for which the personal information was collected, the categories of our affiliates and/or third parties with whom we share this information, and specific pieces of personal information we collected about you.

If we have sold your information (as defined in the section 1798.140(t) of the CCPA) or disclosed it for a business purpose, we will disclose the sales and disclosures, specifying the personal information category that was sold or disclosed to our affiliates and/or third parties. Furthermore, we will disclose the categories of third parties with whom the information was sold and/or disclosed.

iManage has not sold (as the term is defined in section 1798.140(t) of the CCPA) personal information in the past 12 months.

As a California resident you have the right to opt out of the sale of your personal information at any time. Subject to some exceptions, you have the right to request that we delete your personal information. You have the right to request that your personal information is transferred to a third party. We will not discriminate against you for exercising your CCPA rights.

Our business operates exclusively online. If you are a California resident and would like to submit a consumer request, please submit a written request to DPO@imanage.com.

Security of your personal information

To help protect the privacy of personal information you transmit to us, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal information to those employees who need to know that personal information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your personal information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

[ Back to the top ]

Children’s privacy

We do not knowingly collect or solicit personal information from anyone under the age of 16. If you are under 16, please do not attempt to register for the services or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us personal information, please contact us at privacy@imanage.com.

[ Back to the top ]