PRIVACY POLICY
OVERVIEW
Purpose
This Privacy Statement of Innovation360 Group AB aims to provide the reader with an understanding of how their data is being collected, used, and shared and why. The Privacy Policy also states how the reader can access and control their personal data and how cookies are used and stored by Innovation360 Group and its subsidiaries. For each of the Company’s products, e.g.InnoSurvey, My360, and Transformation360, there is a separate and specific policy, which will be communicated with the Data Supplier at the point of registration or submission of personal data from the Data Supplier to the Company for the said product (“Product Privacy Policy”).
Definitions
Innovation360 Group and its subsidiaries will, hereafter, be referred to as “the Company” and the recipient of this information and the person or company whose privacy this document is referring to will be called “the Data Supplier”. The “Company’s websites” refer to the following sites with sub-domains www.innovation360.com, www.ideation360.com, www.my360.global, www.transformation360.online
Scope
This Privacy Statement covers a number of issues, among them:
- Collection, usage, logging, and disclosure of Personal Data
- Access Control
- Encryption
- Two-Factor Authentication and Single Sign-On
- Cookies
- Data Supplier Rights
COLLECTION OF DATA
In the collection of data, the Company vows to follow the following data protection principles:
- Lawful, fair, and transparent processing, with processing activities having lawful grounds
- Always consider the Data Subject’s rights before processing personal data
- Providing the Data Subject with information regarding said processing upon request
- Limiting processing to the purpose. The Processing Activities have to fit he purpose for which the personal data was collected
- Processing and gathering only the minimal amount of personal data required for any purpose
- Storage of personal data will be limited with a time period and not stored for longer than needed or required by law
- The utmost effort to ensure integrity and confidentiality of data
Information provided to the Company by the Data Supplier
Such information could be an e-mail address, name, billing address, home address, etc. i.e., information necessary for delivering a service or to enhance the user experience with the Company. The provided information is saved in order to enable continued activity on the Company’s websites and platforms by the Data Supplier. For more detailed information regarding which information the Company collects, please read the applicable Product Privacy Policy.
Information automatically collected about the Data Supplier
This includes information that is automatically stored by cookies and other session tools. For example, the Data Supplier’s IP address and purchasing history (if there is any), etc. This information is used to improve the user experience for the Data Supplier. When using the Company’s services or looking at the Company webpage, the Data Supplier’s activities may be logged.
USE OF DATA
The Data Supplier’s personal data is used for purposes specified in each Product Privacy Policy. Such purposes could be sending out regular newsletters or curated newsletters, sending out push notifications to desktop and mobile devices, enhancing the user experience on the Company’s websites, identifying the user, promoting the content of the Company, and fulfilling an obligation under law or contract. The personal data is only used on legitimate grounds and with the consent of the Data Supplier. Furthermore, the personal data of the Data Supplier is used to administer and analyze activities on the Company’s website and in order to improve the quality, variety and availability of services and content provided. Data Suppliers’ personal data may also be transferred to third parties, e.g., Supplier hosting via a third party. For more detailed information, please read the applicable Product Privacy Policy. The Company will NOT sell the Data Supplier’s personal data to a third party without the Data Supplier’s prior consent.
STORAGE OF DATA
The Company will retain personal data for as long as it has a legitimate interest in processing the personal data. The lengths of such periods are specified in each specific Product Privacy Policy.
Encryption
All communication on the ideation360 platform between the Company clients and the Data Supplier is encrypted via SSL. All data stored in the database is encrypted on a file level, using Transparent Data Encryption. Remote access to the server hosting the websites and the database is permitted via a VPN connection. All uploaded documents by Data Suppliers will be protected by password-restricted zip files to ensure that no unauthorized person can access them in the event of theft or similar.
Two-Factor Authentication and Single Sign-On
Two-factor authentication forces the user to enter a login password and then a verification code, usually received by phone, before accessing critical documents or information. Internally, employees of the Company use Two-Factor Authentication as provided by Apple, Google, and Microsoft in order to access relevant material. In order to protect services and applications from attackers and keep the Data Supplier’s information safe, two-factor authentication is available for the Company’s enterprise clients and will be carried out via an ISO 27 0000 and SOC 2-compliant third-party supplier at an additional fee. Another alternative offered by the Company for its Enterprise customers is Single Sign-On (SSO), which is a session and user authentication service that permits a user to use one set of login credentials (e.g. name and password) to access multiple applications.
ACCESS CONTROL
Only authorized individuals are permitted access to the Company’s server containing personal information. User authentication provides audit access information and complies with regulatory requirements. Company Employees will only be given access to the documents and files to which they should have authorized access. This is continuously monitored by the Company, and routines are put in place in order to ensure this. More details about Access Control can be found in the Company’s Security Policy.
COOKIES
The Company may automatically collect information about the devices that the Data Supplier uses to interact with the Company’s websites. The information automatically collected may include IP address, device identifier, web browser, and browsing information collected through cookies, web beacons, pixels, clear gifs, and other similar technologies (collectively “Cookies and Other Tracking Technologies”) on the Company’s Sites. The Company may also automatically collect information about how the Data Supplier uses the Sites; the information automatically collected may be associated with any personal data that the Data Supplier has provided. For more information regarding the Company’s use of cookies, please read each Company Site’s cookie policy, which can be found on respective Company Site.
DATA SUPPLIER RIGHTS
Given compliance with local law, the Data Supplier has the right to request access to the personal data that has been collected about them by the Company for the purposes of reviewing, modifying, or requesting not having the Company process the data further. The Data Supplier also has the right to request a copy of the personal data that has been collected about them by the Company and have any inaccurate part of their data corrected.
The Data Supplier has the right to request rectification erasure of personal data that is inaccurate or incomplete. Data Supplier has the right to be forgotten, which means it may request the deletion of your personal data insofar as this personal data is no longer necessary for the purpose it was collected or Company has a legitimate interest to hold it. Furthermore, the Data Supplier has the right to know whether their personal data is being processed, what data is gathered, from where it is obtained, and by whom it is processed. The Data Supplier has the right to object to processing – meaning that in certain cases, the Data Supplier has the right to object to automated processing, for example, in the case of direct marketing.
In order to make a request to access, review, or correct the personal data that the Company has collected about the Data Supplier or to learn more about the Company’s policy for processing data, please see contact details at the end of this document. The Data Supplier also has the right to unsubscribe from mailing lists or any registrations on any of the Company’s websites. To do so, please either follow instructions on the page of the Site on which you have provided such information, subscribed or registered, or contact us at the address provided at the bottom of this Privacy Policy. As for unsubscribing from the Company’s newsletter, the Data Supplier can do so by emailing info@innovation360.se or clicking on the “unsubscribe”-link at the bottom of each newsletter. It is also the Data Supplier’s right to receive the personal data which it has given to us, in a structured, commonly used, and machine-readable format, and Data Supplier has the right to transmit such data to another data controller.
CHANGES TO THIS PRIVACY POLICY
Please note that this Privacy Policy may change from time to time. If the Company changes this Privacy Policy in ways that affect how the Company uses the Data Supplier’s personal information, the Company will advise the Data Supplier of the choices it may have as a result of those changes. The Company will also inform the Data Supplier that this Policy Privacy has changed.
For more information, please contact the Innovation360 Group: dataprotectionofficer@innovation360.se