Confidentiality and Privacy Notice
iDeals group of companies includes iDeals Solutions Operations Limited, iDeals Solutions Group, iDeals Solutions Group Limited and their affiliates (“iDeals” or “we”) respect your privacy. We have prepared this Confidentiality and Privacy Notice (“Notice”) in compliance with the EU Regulation (EU) 2016/679 (“GDPR”) commitments. This Notice explains what iDeals does with Personal Data of those individuals, whose Data are collected and processed based on their applications to iDeals, either for marketing purposes, the information and/or services provision or other contractual relations with iDeals.
From the data protection perspective, iDeals is a data controller. This means we are responsible for deciding how we hold and use personal information about you:
Each of iDeals entities is a data controller for personal data of its applicants.
- by email: firstname.lastname@example.org.
- in writing: Albert Buildings, 49 Queen Victoria Street, London EC4N 4SA, the United Kingdom or The Hub, Suite E303, Triq Sant Andrija, San Gwann, SGN 1612, Malta.
This Notice equally applies towards the Personal Data of the following Data subjects:
- Data subjects, who submit (submitted) their Personal Data for the services inquiries directly to iDeals or through different services (“Applicants”).
1. What is Personal Data and what is the processing of Personal Data?
Personal Data (“Data”) is any information relating to you and that alone or in combination with other pieces of information gives the opportunity to a person that collects and processes such information to identify you as an individual.
At the same time, processing of the information means any action with your Personal Data, for example, collection, recording, organizing, structuring, storage, use, disclosure by any means, and so on.
2. What is the legal basis of iDeals for processing?
iDeals will process your Personal Data only when we have lawful bases. Specifically, iDeals processes your Personal Data in the following cases.
iDeals collects and processes Personal Data of the Applicants pursuant to:
- iDeals’ legitimate interests (Art. 6.1 (f) of the GDPR) such as services inquiries process, assessment and confirmation of Applicants’ suitability for the services provision, and decision-making for further cooperation. Legitimate interests shall also cover the transmission of Personal Data for internal sales purposes within iDeals’s affiliates, employees, and contractors. Please, note that the achievement of the aforementioned legitimate purposes is in the best interests of your application;
- legal obligations (Art. 6.1 (c) of the GDPR) that iDeals shall perform, including those necessary to carry out respective communications.
We will use information obtained from the Applicants solely to provide the information about the services to you.
Please note that we do not share, sell, or lease Personal Data about Applicants with any third parties for their marketing use. iDeals will not use or share Personal Data of Applicants except as described in this Notice.
3. Data we collect: scope
iDeals collects a range of information about you. From the Applicants we collect the following information:
- Your full name (first and last name, patronymic);
- Work and personal email addresses;
- Telephone number;
- Date of birth;
- Skype name;
- LinkedIn profile link;
- Facebook profile link;
- Recorded Interviews;
- IP address and other information collected passively.
iDeals will collect your Personal Data through the form submission on iDeals’ website.
4. How do we share information?
Your information will be shared internally for further services provision purposes. This includes members of the sales, customer success and customer support teams of iDeals, interviewers involved in the process, and IT staff if access to the Data is necessary for the performance of their roles.
Your Data may be transferred outside the European Economic Area (EEA), to facilitate the information provision and only within the affiliates, employees and contractors of iDeals. Data is transferred outside the EEA on the basis of respective legally binding safeguards incorporated into documents with such persons. This is achieved by using only certified services and products, signing agreements on protection of Personal Data with contractors and partners (including the Standard Data Protection Contractual Clauses Adopted by the European Commission and compliant with the EU Data protection laws), as well as taking technical measures to ensure the information is protected when stored, used and while being processed and transferred.
5. How long do we store Personal Data?
Your Personal Data will be processed and stored during the whole process (as well as contractual relations in case further cooperation), and for 12 months thereafter, and at the end of that period it will be deleted or anonymized.
6. Your rights regarding your Personal Data iDeals collects and processes:
With regard to the Data we collect and process about you, you have a right:
- to access to your Personal Data processed by iDeals and right to Data portability; in other words, ask for the list of Personal Data currently processed and respective purposes;
- to request from iDeals to rectify your Personal Data requiring corrections;
- to request from iDeals to erase Personal Data as long as their processing is no longer necessary for why it was actually collected. The same should happen if we do not have legal grounds for the processing anymore. In most cases iDeals will erase it unless otherwise required by legislation;
- to restrict the processing of your Personal Data by iDeals. For example, you could contest the accuracy of your Personal Data or in case iDeals is not interested in the processing of your Personal Data any longer, but you want iDeals to do this for different reasons, for example, to bring some claim for somebody and, instead of the erasure of information, its processing will be just restricted.
- to object the processing of your Personal Data by iDeals when the processing is related to the performance of our task carried in the public interest or the exercise of official authority vested in us. The other case is if we process your Data for the purposes of the legitimate interests pursued by us or by a third party and you believe that such interests are overridden by your interests or fundamental rights and freedoms. If you make a request with an objection to processing, we will no longer process the Personal Data unless we are able to demonstrate compelling legitimate grounds for the processing.
Any requests to exercise your rights can be directed to iDeals through the contact details provided below. These requests are free of charge.
7. Other privacy commitments
(1) Cross-border transfers
Please, note that one of our entities is a United States-based company. We collect and process your Personal Data both within the United States and outside the United States. Although countries where we process Data may have different laws, we take measures to ensure high privacy compliance. To achieve uniform protection, we are conducting international transfers assessment to choose appropriate safeguards. In particular, we sign the Standard Contractual Clauses as adopted by the European Commission annexed to the DPA with our contractors when we are required to do so by law as well as taking technical measures to ensure the information is protected when stored, used and while being processed and transferred. We also sign a Data Processing Agreement (DPA) with each third-party processing Personal Data on our behalf.
(2) Time for reply and reaction
iDeals will provide information on action taken on your request related to your rights specified above within one month of receipt of the request for the longest. That period may be extended by two further months if iDeals is overwhelmed by the number of requests or the request at issue is complicated and requires a lot of action. iDeals will inform you of any such extension within one month of receipt of the request, together with the reasons for such delay.
If you have doubts as to our reply or reaction, or absence of such, you have the right to lodge a complaint with a supervisory authority that is empowered to process such complaints in your country.
iDeals uses technical and organizational measures to ensure the information is processed in a manner that ensures appropriate security of information, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage. For example, iDeals uses verified contractors that might have access to the Data with which the relevant data processing agreements are signed.
(4) Breach notifications
If any Personal Data of yours would be under the breach, we would inform you and the respective Data protection agencies as to the accidents without undue delay, if there are high risks of violation of your rights as a data subject. We would also do our best to minimize any such risks.
(5) California Privacy Rights
In case you are a resident of California, the California Civil Code Section 1198.5 permits you to inspect and receive a copy of your personnel record. To make such a request, please send an email to email@example.com.
8. Confidentiality commitments
(1) “Confidential Information” means any and all information disclosed by iDeals (the “Disclosing Party”) to you (the “Receiving Party”) in connection with the provision of the information and/or services, irrespective of any confidentiality requirement from a Disclosing Party, presence or absence of the confidentiality label on the information, form of the information, or its content.
(2) Confidential information shall not include any materials or information which the Receiving Party shows:
a) was known to it prior to the information’s disclosure in connection with the provision or use of the services;
b) is or becomes generally available to the public through no act or default on the part of the receiving party, its employees and subcontractors;
c) was rightfully received from a third party under no contractual, legal or fiduciary obligation to keep such information confidential;
d) was independently developed by the Receiving Party, without the use of any Confidential Information; or
e) is required to be disclosed pursuant to, or by, any applicable laws, rules, regulatory authority, court order or other legal process, provided that the Receiving Party shall, promptly upon learning that such disclosure is required, give written notice of such disclosure to the Disclosing Party.
(3) The Receiving Party undertakes to use reasonable measures to safeguard the Confidential Information. The Receiving Party will not at any time without the prior written consent of the Disclosing Party publish, disseminate, duplicate or use, directly or indirectly, Confidential Information for any purposes other than stated in this Notice (the “Authorized Purpose”). The Receiving Party will not disclose, in whole or in part, the Confidential Information to any person.
(3) The Receiving Party undertakes to hold the Confidential Information of iDeals in strict confidence during the terms of cooperation with iDeals and 12 (twelve) months after its termination.