iManage LLC, our parent companies, subsidiaries, and affiliates (collectively, the “iManage companies” or “we”, “us” or “our”) respect your privacy. This “Privacy Notice” informs you of our privacy practices and of the choices you can make about the way personal information about you, including from your online activity is collected and how that personal information is used by the iManage companies.
This Privacy Notice is readily available on our home page found at https://imanage.com and at the bottom of our other web pages.
Our websites collect certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of our websites, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs.
We may also use your IP address to help diagnose problems with our server and to administer our websites, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.
Our websites also use cookies and web beacons. Our websites do not track users when they cross to third party websites, do not provide targeted advertising to them, and therefore do not respond to Do Not Track (DNT) signals.
[ Back to the top ]
We will use the personal information we collect via our websites:
The legal basis we rely on to process your personal information in this specific situation is Article 6(1)(f) of the GDPR, which allows us to process personal information when it is necessary for the purposes of our legitimate interests. When we use the legitimate interest legal basis, we need to provide a rationale and assess the proportionality and necessity of the processing and the balance between our legitimate interests and your rights and interests. Our legitimate interest in this situation lies in ascertaining the number and type of visitors on our website, as well as understanding the use made of it and any potential issues to be resolved. As the information processed does not identify you, the processing in this specific situation does not materially impact your rights, freedom or interests. This information can be retained for up to 36 months from your last action on our website. Please note that you have a right to object to the processing based on legitimate interests. Please contact us at privacy@imanage.com if you wish to object. Our websites may contain links to other sites. If you click on a third-party link, you will be directed to that site. Please note that any external site is not operated by iManage. Therefore, we strongly advise you to review the privacy policy of any external site. iManage has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third-party sites or services.
We may use the personal information we collect from you when contacting us, when enquiring about using our services, or from our customers and their users in connection with the services we provide for a range of reasons, including to:
The legal basis we rely on to process your personal information is Article 6(1)(b) of the GDPR, which relates to processing necessary to enter into a contract or to perform it once concluded. Not providing us with this information may prevent us from properly identifying you as our client and providing you with efficient services or answers tailored to your requests.
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. Regulatory provisions such as the Limitation Act 1980 or the VAT Act 1994 require us to keep some basic information, such as contracts concluded with our clients or service delivery records for six (6) years after the end of a contract. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.
Applying for a job When you apply for a job with us, we may process the personal data necessary to assess your suitability for the job you apply for. The data collected may include identity and contact details, previous experience, education and references. Depending on stage of the recruiting process, other information may be required such as criminal records.The legal basis we rely on for processing your personal data in this context is Article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request before entering a contract. This information is necessary for us to decide if we want to hire you and to enter into an employment contract with you.If your application is unsuccessful, the data will be retained for 1 year from the end of the recruitment process. If the application is successful, the data, as well as additional human resources data, will be retained for at least the period of employment. In this case, your employee file will be retained for 6 years from the end of employment.
[ Back to the top ]
We do not rent or sell your personal information. We may share and disclose information, including personal information in limited circumstances as described below.
We transfer personal information to third parties such as vendors and service providers who perform tasks on our behalf such as for processing and storage purposes. These companies include, for example, our payment processing providers, website analytics companies (e.g., Google Analytics), product feedback or help desk software providers (e.g., Zendesk), CRM service providers (e.g., Salesforce), marketing service providers, and email service providers.
If we have received your personal information and subsequently transfer that personal information to a third-party agent or service provider for processing, we will remain responsible by executing contracts requiring them to protect the privacy and confidentiality of the personal information provided to them for purposes of performing their functions for us. Unless we tell you differently and you consent, our agents do not have any right to use the personal information we share with them beyond what is necessary to assist us.
We may choose to buy or sell assets and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party. It is our practice to seek appropriate protection for personal information in these types of transactions.
We may also share your personal information with any of the iManage companies for purposes consistent with this Privacy Policy.
Other reasons we share your personal information
We do not otherwise reveal your personal information to third-parties for their independent use unless:
We may also gather aggregated data about our customers and website visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers and/or other third parties for marketing or promotional purposes.
Our websites may interface with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or share information from our websites through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal information.
[ Back to the top ]
We have our headquarters in the United States and we also have a presence in Canada, the European Economic Area (“EEA”), the United Kingdom, Australia and India. Personal information we collect from you will be primarily processed in the United States, the United Kingdom, and the EEA. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which any member of the iManage companies has operations for the purposes described in this Privacy Policy. When we do, we will ensure that an adequate level of protection is provided for the information by using one or more of the following approaches:
If you are visiting our websites from the EEA or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your personal information to the United States, the United Kingdom, and other jurisdictions in which we operate. By providing your personal information, you consent to any transfer and processing in accordance with this Privacy Policy.
Please note that for users located in the EEA the term personal information used in this Privacy Policy is equivalent to the term “personal data” under applicable European data protection laws.
We comply with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
We are subject to the jurisdiction of the U.S. Federal Trade Commission for purposes of Privacy Shield enforcement.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at DPO@iManage.com.
We have further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning personal information (including both human resources data and personal information that is not human resources data) transferred from the EU.
Under certain limited circumstances, individuals in the EEA may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please visit https://www.privacyshield.gov/.
If we have received your personal information under the Privacy Shield and subsequently transfer it to a third-party service provider for processing, we will remain responsible if they process your personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
The Privacy Shield self-certification does not apply to processing in Australia or India.
[ Back to the top ]
Under data protection laws, you have various rights, such as the right of access, that gives you the right to ask us for copies of any of your personal information that is in our possession; the right to rectification that allows you to rectify and complete information that you think is inaccurate or incomplete; and the right to erasure that gives you the right to ask us to erase your personal information in certain circumstances. You also have the right to restriction of processing, to object to processing and to data portability.
These rights available to you may depend on our reason for processing your information and the circumstances. You are not required to pay any charge for exercising your rights, unless your request is clearly unfounded, repetitive or excessive. We will respond to any legitimate requests within one month. In the event that your request is clearly unfounded, repetitive or excessive or if we are not in a position to identify you, we are entitled to refuse to act on your request.
If you wish to confirm that we are processing your personal information, or to have access to the personal information we may have about you, please contact us at DPO@imanage.com.
California Residents
California residents have the right to know what personal information the business collects, discloses and/or sells if applicable. Under the California Consumer Privacy Act (“CCPA”), consumers have the right to access what personal information has been collected about them by making a verifiable consumer request.
Once we confirm your verifiable consumer request, we will share with you the categories of personal information that we have collected about you in the preceding 12 months, the categories of sources for the personal information we collected, the business or commercial purpose for which the personal information was collected, the categories of our affiliates and/or third parties with whom we share this information, and specific pieces of personal information we collected about you.
If we have sold your information (as defined in the section 1798.140(t) of the CCPA) or disclosed it for a business purpose, we will disclose the sales and disclosures, specifying the personal information category that was sold or disclosed to our affiliates and/or third parties. Furthermore, we will disclose the categories of third parties with whom the information was sold and/or disclosed.
iManage has not sold (as the term is defined in section 1798.140(t) of the CCPA) personal information in the past 12 months.
As a California resident you have the right to opt out of the sale of your personal information at any time. Subject to some exceptions, you have the right to request that we delete your personal information. You have the right to request that your personal information is transferred to a third party. We will not discriminate against you for exercising your CCPA rights.
Our business operates exclusively online. If you are a California resident and would like to submit a consumer request, please submit a written request to DPO@imanage.com.
[ Back to the top ]
To help protect the privacy of personal information you transmit to us, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal information to those employees who need to know that personal information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your personal information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
[ Back to the top ]
We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the services or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personal information, please contact us at privacy@imanage.com.
[ Back to the top ]
If we modify this Privacy Policy, we will post the revised policy here, with an updated revision date. If we make significant changes to this Privacy Policy that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website and/or social media pages prior to the changes taking effect. Your continued use of our websites or services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates. This Privacy Policy was last updated on 03 December 2020 (with previous edits on 30 December 2019 and in August 2019, May 2019 and May 2018).
We value your opinions. If you have comments or questions about this Privacy Policy, any concerns or a complaint regarding our collection and use of your data or a possible breach of your privacy, please send them to privacy@imanage.com or write to us at the address below. We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.
iManage LLC
Privacy
540 West Madison, Suite 300
Chicago, IL 60661
Data Protection Officer
HewardMills Ltd
15 Old Bailey
London
EC4M 7EF
dpo@imanage.com
020 3367 1245