IMPELSYS PRIVACY POLICY

IMPELSYS PRIVACY POLICY

Last modified on May 24, 2018.

At Impelsys, we value your privacy and respect your interest in knowing how information about you is collected and used.

In line with the European Union’s General Data Protection Regulation (GDPR) law, our Privacy Policy is updated to provide more information on why and how we collect, how we process, how long we retain, to whom we disclose or transfer your data and your rights on your provided information.

1. Who we are

Impelsys is into Digital Publishing and Learning Technology Solutions, we provide platforms for content and learning delivery, technology services and content & courseware development. We provide end-to-end digital solutions (herein as, ‘services’) to leading publishers, enterprises, professional associations and universities (herein as, ‘Clients’) on various platforms like web, desktop, mobile apps (herein as, ‘platform’) around the world.

We act as Data Controller & Processor, if we receive your information directly from the website www.impelsys.com provided by you on your own interest in receiving our products and services.

Primarily, we act as a Processor on behalf of our clients as Controllers based on their instructions of what to collect and the purpose of processing the information for delivery of the client’s solution.

2. What is the purpose of collecting & processing your information?

When we act as a Controller, the purpose of collection is to enhance the business relationship (B2B) and to provide you the information on our existing or new services that you are interested in. We rely on your consent, legitimate interest and fulfilment of legal obligation as legal basis of processing your information.

In case we act as a Processor, the means and purpose of processing will be defined & instructed by our clients, only to provide their services like accessing the web portal, searching eBooks, reading the book content, and learning on various platforms.  We process the information based on our contractual and legal obligation to our clients.

3. What information do we collect and When?

We collect minimum personal information sufficient to process and serve the solution, like your name, address, phone number and email address.

  • At Account/Registration Creation – Basic information like your name, address, phone number and email address. Without this, we would be unable to create an account. We may collect some additional information as instructed by our clients.
  • While Enhancing/Updating Your Profile – Image to your profile and set password recovery hint question and answers.
  • When Purchasing – While purchasing you may need to provide us billing and payment information, including full name, company name, billing/shipping address, and credit card number. If you do not provide us this information, we may be unable to process successful purchase and provide the service.
  • When Attending Fairs/Industry Events. We may collect or otherwise receive personal data such as your name, address, phone number, and email when you register for or attend an event where Impelsys is a sponsor or a participant.
  • Collected from Third-party/Direct Clients- We might collect your personal information from third-party clients like Single-Sign-On (SSO) for the specified service providers on basis of our client’s written instructions.  Google, as a third-party vendor, uses cookies to serve ads on our client sites. Google’s use of the DART cookie enables it to serve ads to your users based on their visit to your sites and other sites on the Internet.
  • Others – Your browser type, browser language preference, device type and operating system; page views and links you click within our Client Sites; IP address, device ID, or other identifier; location information; date and time stamp, and time spent using the Services; referring URL; and your activity within the Sites.

4. What do we use your information for?

Any of the information we collect from you may be used in one of the following ways:

  • To provide service or solution: Your information helps us to provide our products and services and client’s solutions.
  • To personalize your experience: Your information helps us to better respond to your individual needs.
  • To improve our website: We continually strive to improve our website offerings based on the information and feedback we receive from you.
  • To improve customer service: Your information helps us to more effectively respond to your service requests and support needs.
  • To process purchase transactions: Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, other than for the express purpose of delivering the purchased product or service requested.
  • To send periodic emails: The email address you provide, may be used to send you information and updates pertaining to your purchase, in addition to receiving occasional company news, updates, related to product or service information, etc.
  • To comply with legal obligations.

5. Where is your personal information stored?

All your personal information is stored on a secure cloud computing environment, Amazon Web Servers, these servers are located in US and EU countries. AWS is compliant with various security and data protections standards like ISO 27017 for cloud security, ISO 27018 for cloud privacy, CISPE code of conduct and GDPR.

6. Whom do we share or disclose your information to?

We do not share, sell, trade, or otherwise transfer to any third-parties or allow third party to access your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.

We share your personal information to:

  • Law enforcement bodies; financial regulators and other relevant regulatory authorities; government bodies; tax authorities; courts tribunals and complaints/dispute resolution bodies;
  • Other bodies as required by law or regulation; or
  • Enforce our site policies, or protect ours or other rights, property, or safety.

To fulfill our client contract, we share information to:

  • Trusted payment third-parties – Your credit card information is shared to the payment engines to confirm payment for products and services purchased on our client websites over a secured transfer protocol and under PCI DSS compliance standards.
  • Trusted shipping Vendors – Client has trusted delivery vendors. Your shipping address is shared to the delivery vendor to deliver products that you purchased. (only for printcopy ebook purchase)
  • Google Analytics – This tool is used to gather non-personal data and to help us improve our Client Services and user experiences. These analytics providers may use cookies and other technologies to perform their services, and may combine the information they collect about you on our Client Sites, like when you visit site page, click on the page, most purchased product, most searched terms.  Mainly this behavior is captured by google analytics as an ‘anonymized data’ ie with this data it’s not possible to identify or trace a person.

7. International or Third country or Cross border transfer

In order to process your information for the agreed purpose to serve, we have stored your information on our Cloud Amazon Web Servers (AWS) and those servers are located in US & EU countries, where you may reside in that or outside that country. AWS has adopted strong security safeguard techniques and standards like ISO 27017 for cloud security, ISO 27018 for cloud privacy, CISPE code of conduct including GDPR.

Except for storing, we do not transfer the information to any third country unless the transfer is necessary for one of the reasons set out in the GDPR like Performance of a contract, reasons of public interest, to establish, exercise or defend legal claims or to protect the vital interests or Legitimate interest.

8. How long is your information retained for?

We may retain your personal information for a period of time, for the purpose in which we originally collected the information, based on the written instructions of our Client or Contract when we act as a processor, and/or our requirements to comply with applicable laws as set out in our Data Retention policy. In case, if your information is no longer required for any purpose of lawful processing, then we will ensure it is disposed of in a secure manner.

9. Your rights relating to your personal information

You have certain rights regarding your Personal information, subjected to any data protection act or GDPR. These include the following rights:

  • Right to Access: You have the right to ask to confirm whether we are processing your personal information; request for a copy to get the additional information like what information we have, for what purpose we use it, to whom we disclose or share, are we transferring to third country, where it is stored, how long it is retained.
  • Right to rectify: You have the right to ask by sending a request to correct your personal information if it is found to be inaccurate or out of date; We may seek to verify the accuracy of the information before rectifying it and correct it.
  • Right to be forgotten (erasure): You have the right to ask by sending a request to erase your personal information.

                Requested Information is erased only if

    • This information is no longer needed for the purposes for which it was collected
    • Your consent is withdrawn (if provided earlier for lawful data processing)
    • If processed unlawfully or processed for different purpose

                  Requested Information is not erased only if, your personal information necessary to process for compliance with legal obligations or for the establishment,                                              exercise, or defense of any legal claims. In this case, your request will be rejected with considerable reason.

  • Withdraw consent: You have the right to withdraw your consent to the Processing of your information at any time if consent constitutes the lawful basis for processing.
  • Object: You have the right to object to Processing based on the grounds like the processing is necessary for public interest or the processing is necessary for the purposes of the legitimate interest, unless such interest is overridden by your fundamental rights and interests;
  • Restriction: You have the right to restrict from further processing of your personal information. Processing of your personal information will be on hold till you confirm again to continue further.
  • Portability. You have the right to ask for your personal information in a structured, commonly used, machine-readable format, or have it ‘ported’ directly to another.

In all these above cases, as a controller our privacy office group verifies your request and addresses it within a turn around time of 1 month, and as a processor, we will communicate your request to our clients and based on their response and written instructions, your request will be addressed.

In case  you are not satisfied or if your requests are being delayed or for any other reason, you can contact the Information Commissioner Office (https://ico.org.uk)  or send an email to https://ico.org.uk/global/contact-us/email if you are a European Union citizen or contact your country or state’s authorized legal or any regulatory body.

10. How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you access your personal information.

We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment Gateway providers database only to be accessible by those authorized with special access rights to such systems and are required to keep the information confidential.

After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers.

11. Do we use cookies?

Yes (Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.

We use cookies to help us remember and process the items in your shopping cart, understand and save your preferences for future visits, keep track of advertisements and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may contact third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Like most websites, if you turn your cookies off, some of our services may not function properly. However, you can still place orders over the telephone or by contacting customer service.

12. Children’s Online Privacy Protection Act Compliance

We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years or older. We encourage parents and legal guardians to monitor and if you have any reason to believe that a child under the age of 13, without a parent or guardian’s consent has provided personal information, then please contact us at privacyoffice@impelsys.com, and we will use reasonable efforts to delete that information based on parent/guardian consent.

13. We are not responsible for

  • Disclosure of your information to others You should be aware that personal identifiable information (PII) – such as your name or e-mail address that you voluntarily disclose and that is accessible to other users (e.g. on social media, forums, bulletin boards or in chat areas) could be collected and disclosed by others. We will NOT take any responsibility for such collection and disclosure.
  • Links to Other Sites Our corporate website may contain links to other websites. Please be aware that We are not responsible for the privacy policies and/or practices of such other websites. We encourage you to read the privacy statements of any linked sites as their privacy practices may differ from ours.
  • Third Party Widgets Our Sites may include social media features and widgets (collectively “Widgets”), such as a “share this” button or other interactive mini-programs that run on our Services. Widgets can be used to provide you specific services from other companies (e.g., displaying the news, opinions, music, etc.). Personal information, such as your email address, may be collected through the Widgets. Cookies may also be set by the Widgets to enable them to function properly. Widgets displayed on our Sites are not hosted by us and are subject to the privacy policies of the third-party company providing the Widget, and not this Policy.

14. How to Contact us

If you have any questions or concerns regarding the way in which your personal data is being processed or you want to exercise your rights, please reach us out at privacyoffice@impelsys.com