This Policy applies to all Imanami entities that process Personal Data.
“Automated Decisions” are defined as decisions about individuals based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
“Controller” means a person or organization that, alone or jointly with others, determines the purposes and means of personal data processing.
“Data Subject” means an individual for whom Imanami Processes Personal Data.
“Employee” means any current, former, or prospective employee, temporary worker, intern, or other non-permanent employees of Imanami or any current or prospective subsidiary or affiliate of Imanami.
“European Economic Area (“EEA“)“ means the following countries: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Republic of Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, The Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the U.K.
“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity and includes information, that (i) relates to an identified or identifiable Customer, Employee or Supplier’s representative; (ii) can be linked to that Customer, Employee or Supplier’s representative; (iii) is transferred to Imanami in the U.S. from the EEA or Switzerland, and (iv) is recorded in any form.
“Privacy Officer” means the individual officer designated by Imanami as the initial point of contact for inquiries, complaints, or questions regarding privacy matters. The Privacy Officer is identified at the end of this Policy.
“Processing” is defined as any action that is performed on Personal Data, whether in whole or in part by automated means, such as collecting, modifying, using, disclosing, or deleting such data. This Policy does not cover data rendered anonymous or where pseudonyms are used that do not allow for, directly or indirectly, to identify an individual. The use of pseudonyms involves replacing names or other identifiers with substitutes so that identification of individual persons is either impossible or at least rendered considerably more difficult. This Policy shall apply again if the protections offered through anonymization no longer apply.
“Sensitive Personal Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or concerning health or sex, and the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
“Supplier” means any supplier, vendor, or other third party located in the USA and/or the EEA or Switzerland that provides services or products to Imanami.
III. APPLICATION OF EU DATA PROTECTION LAWS
This Policy is designed to provide compliance with all relevant applicable data protection laws in the EEA and the General Data Protection Regulation (“GDPR”). Imanami will handle Personal Data in accordance with local law at the place where the Personal Data is processed.
IV. PRINCIPLES FOR PROCESSING PERSONAL DATA
Imanami respects the privacy of Data Subjects and is committed to protecting Personal Data. Imanami will observe the following principles when processing Personal Data:
- Data will be processed lawfully and in accordance with applicable law.
- Data will be collected for specified, legitimate purposes and not processed further in ways incompatible with those purposes.
- Data will be relevant to and not excessive for the purposes for which they are collected and used. For example, data may be rendered anonymous if deemed reasonable, feasible, and appropriate, depending on the nature of the data and the risks associated with the intended uses.
- Data Subjects in the E.U. may be asked to provide their clear and unequivocal consent for the collection, processing, and transfer of their Personal Data.
- Data will be accurate and, where necessary, kept up up-to-date. Reasonable steps will be taken to rectify or delete Personal Data that is inaccurate or incomplete.
- Data will be kept as it is necessary for the purposes for which it was collected and processed. Those purposes are described in this Policy.
- Data will be deleted or amended following a relevant request by the Data Subject, provided such request complies with applicable law.
- Data will be processed in accordance with the Data Subject’s legal rights (as described in this Policy or as provided by law).
- Appropriate technical, physical, and organizational measures will be taken to prevent unauthorized access, unlawful processing, and unauthorized or accidental loss, destruction, or damage to data. In case of any such violation concerning Personal Data, Imanami will take appropriate steps to end the violation, determine liabilities according to applicable law, and cooperate with the competent authorities.
V. TYPES OF DATA PROCESSED
Imanami’s services do not need to collect or process individual consumer information to perform its services. However, as part of the services Imanami provides, it may have incidental access to Personal Data.
Concerning Customer contact information, Imanami collects and processes the following categories of Personal Data:
- First and last name
- Business email address, and
- Business telephone number
Imanami does not need any Sensitive Personal Data and instructs its customers to avoid submitting any Sensitive Personal Data to Imanami.
VI. WAYS OF OBTAINING PERSONAL DATA
Imanami obtains Personal Data through various sources:
- As submitted by the customer through the services;
- Collected from publicly available databases;
- The use of third-party vendors who compile databases for Imanami’s use (Imanami requires assurances from the third-party vendor that the information was collected, processed, and transferred in compliance with applicable data protection laws and that Imanami is permitted to make further use of the information)
VII. PURPOSES FOR PERSONAL DATA PROCESSING
Imanami processes Personal Data for legitimate purposes related mostly to direct marketing in a business-to-business context. Imanami does not process for purposes of marketing to individual consumers.
In addition, Imanami may process Personal Data for business operational purposes. The preceding limited purposes will be taken into consideration before any processing of Personal Data occurs
For customer/supplier-specific Personal Data, the purposes of processing may include:
- Management of Imanami’s relationships with its customers and suppliers
- Processing payments
- Carrying out Imanami’s obligations under its contracts with customers and suppliers
In the event of a change of the preceding, Imanami will inform affected Data Subjects of new processes or applications, new purposes for which the Personal Data is to be used, and the categories of recipients of the Personal Data.
VIII. SECURITY AND CONFIDENTIALITY
Imanami is committed to implementing and maintaining appropriate technical, physical, and organizational measures to protect Personal Data against unauthorized access, unlawful processing, accidental loss or damage, and unauthorized destruction.
IX. RIGHTS OF DATA SUBJECTS
Any person has the right to be provided with information about the nature of the Personal Data stored or processed about him or her by Imanami and may request deletion or amendments.
If access is denied, the Data Subject has the right to be informed about the reasons for the denial. The person affected may contact any competent regulatory body or authority to resolve the issue. Imanami will handle any complaint resolution or inquiry about Personal Data in a transparent and timely manner.
If any information is inaccurate or incomplete, the Data Subject may request that the data be amended. Suppose the Data Subject demonstrates that the purpose for which the data is being processed in no longer legal or appropriate. In that case, the data will be deleted unless applicable laws require otherwise.
In connection with the activities described under Section VII, Imanami may transmit Personal Data outside the EEA and, more specifically, to (i) Imanami’s corporate headquarters in California, USA. Moreover, Personal Data might be sent to the following third parties in or outside the EEA:
- Selected Third Parties: Imanami may disclose or share the Personal Data of customers or prospective customers with suppliers or other third-party vendors, but Imanami will not sell any Personal Data without the Data Subject’s valid consent.
- Other Third Parties: Imanami may be required to disclose specific Personal Data to other third parties: (i) As a matter of law (e.g., to tax authorities); (ii) to protect Imanami’s legal rights; (iii) to Law Enforcement Authorities in compliance with applicable laws.
XI. AUTOMATED DECISIONS
XII. CONTACT INFORMATION
Imanami will ensure that this Policy is observed and duly implemented. All Imanami Employees who have access to Personal Data must comply with this Policy.
Suppose at any time a person believes that Personal Data relating to him or her has been Processed in violation of this Policy. In that case, he or she should report the concern to the Privacy Officer. In addition, Imanami is happy to answer any questions related to its Processing of Personal Data.