OVERVIEW

1. Purpose

This Privacy Statement of Innovation360 Group, aims to provide the reader with an understanding of how their data is being collected, used, and shared, and why. The Privacy Policy also states how the reader can access and control their personal data, and how cookies are used and stored by Innovation360 Group and its subsidiaries. For each of the Company’s products, e.g. InnoSurvey and Ideation360, there is a separate and specific policy, which will be communicated with the Data Supplier at the point of registration or submission of personal data from the Data Supplier to the Company, for the said product (“Product Privacy Policy”).

2. Definitions

Innovation360 Group and its subsidiaries will, hereafter, be referred to as “the Company” and the recipient of this information and the person or company whose privacy this document is referring to will be called “the Data Supplier.” The “Company’s websites” refers to www.innovation360.comwww.ideation360.com, www.innosurvey.comwww.guidetobusinessinnovation.com, www.interviewing360.comwww.executing360.com, www.imagine360.com, www.pestled360.com and my360.global.

3. Scope

This Privacy Statement covers a number of issues, among them:

  • Collection, usage, logging, and disclosure of Personal Data
  • Access Control
  • Encryption
  • Two-Factor Authentication and Single Sign-On
  • Cookies
  • Data Supplier Rights

COLLECTION OF DATA

In the collection of data, the Company vows to follow the following data protection principles:

  • Lawful, fair, and transparent processing, with processing activities having lawful grounds
  • Always considering the Data Subject’s rights before processing personal data
  • Providing the Data Subject with information regarding said processing upon request
  • Limiting processing to the purpose. The Processing Activities have to fit  he purpose for which the personal data was collected
  • Processing and gathering only the minimal amount of personal data required for any purpose
  • Storage of personal data will be limited with a time period and not stored for longer than needed or required by law
  • The utmost effort to ensure integrity and confidentiality of data

1. Information provided to the Company by the Data Supplier

Such information could be an e-mail address, name, billing address, home address, etc. i.e., information necessary for delivering a service or to enhance the user experience with the Company. The provided information is saved in order to enable continued activity on the Company’s websites and platforms by the Data Supplier. For more detailed information regarding which information the Company collects, please read the applicable Product Privacy Policy.

2. Information automatically collected about the Data Supplier

This includes information that is automatically stored by cookies and other session tools, for example, the Data Supplier’s IP address and purchasing history (if there is any), etc. This information is used to improve the user experience for the Data Supplier. When using the Company’s services or looking at the Company webpage, the Data Supplier’s activities may be logged.

USE OF DATA

The Data Supplier’s personal data is used for purposes specified in each Product Privacy Policy. Such purposes could be to send out regular newsletters or curated newsletters, to send out push-notifications to desktop and mobile devices, to enhance the user experience on the Company’s websites, to identify the user, to promote the content of the Company, and to fulfil an obligation under law or contract. The personal data is only used on legitimate grounds and with the consent of the Data Supplier. Furthermore, the personal data of the Data Supplier is used to administer and analyze activities on the Company’s website and in order to improve the quality, variety, and availability of services and content provided. Data Suppliers, personal data may also be transferred to third parties, e.g. Supplier hosting via third party. For more detailed information, please read the applicable Product Privacy Policy. The Company will NOT sell the Data Supplier’s personal data to a third party without Data Supplier’s prior consent.

STORAGE OF DATA

The Company will retain personal data for as long as it has a legitimate interest to process the personal data. The lengths of such periods are specified in each specific Product Privacy Policy.

1. Encryption

All communication on the Ideation360 platform between the Company clients and the Data Supplier is encrypted via SSL. All data stored in the database is encrypted on a file-level, using Transparent Data Encryption. Remote access to the server hosting the websites and the database is permitted via a VPN connection. All uploaded documents by Data Suppliers will be protected by password-restricted zip-files, to ensure that no unauthorized person can access them in the event of theft, or similar.

2. Two-Factor Authentication and Single Sign-On

Two-factor authentication forces the user to enter a login password and then a verification code, usually received by phone, before accessing critical documents or information. Internally, employees of the Company use Two-Factor Authentication as provided by Apple, Google, and Microsoft, in order to access relevant material. In order to protect services and applications from attackers, and keep the Data Supplier’s information safe, two-factor authentication is available for the Company’s Enterprise clients and will be carried out via a SOC 2 compliant third-party supplier at an additional fee. Another alternative offered by the Company for its Enterprise customers is Single Sign-On (SSO), which is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications.

ACCESS CONTROL

Only authorized individuals are permitted access to the Company’s server, containing personal information. User authentication provides audit access information and complies with regulatory requirements. Company Employees will only be given access to the documents and files which they should have authorized access to. This is continuously monitored by the Company, and routines are put in place in order to assure this. More details about Access Control can be found in the Company’s Security Policy.

COOKIES

The Company may automatically collect information about the devices that the Data Supplier uses to interact with the Company’s websites. The information automatically collected may include IP address, device identifier, web browser, and browsing information collected through cookies, web beacons, pixels, clear gifs, and other similar technologies (collectively “Cookies and Other Tracking Technologies”) on the Company’s Sites. The Company may also automatically collect information about how the Data Supplier uses the Sites; the information automatically collected may be associated with any personal data that the Data Supplier has provided. For more information regarding Company’s use of cookies please read each Company Site’s cookie policy, which can be found on respective Company Site.

DATA SUPPLIER RIGHTS

Given compliance with local law, the Data Supplier has the right to request access to the personal data that has been collected about them by the Company, for the purposes of reviewing, modifying, or requesting that the Company not process the data further. The Data Supplier also has the right to request a copy of the personal data that has been collected about them by the Company and have any inaccurate part of their data corrected.

The Data Supplier has the right to request rectification erasure of personal data that is inaccurate or incomplete. Data Supplier has the right to be forgotten, which means they may request the deletion of their personal data insofar as this personal data is no longer necessary for the purpose it was collected, or Company has a legitimate interest in holding it. Furthermore, the Data Supplier has the right to know whether their personal data is being processed, what data is gathered, from where it is obtained, and by whom it is processed. The Data Supplier has the right to object to processing, meaning that in certain cases, the Data Supplier has the right to object to automated processing, for example, in the case of direct marketing.

In order to make a request to access, review, or correct the personal data that the Company has collected about the Data Supplier, or to learn more about the Company’s policy for processing data, please see contact details at the end of this document. The Data Supplier also has the right to unsubscribe from mailing lists or any registrations on any of the Company’s websites. To do so, please either follow the instructions on the page of the Site on which you have provided such information, subscribed, or registered, or contact us at the address provide at the bottom of this Privacy Policy. To unsubscribe from the Company’s newsletter, the Data Supplier can mail  info@innovation360.se or clicking on the “unsubscribe” link at the bottom of each newsletter. It is also Data Supplier’s right to receive the personal data that they have given to the Company, in a structured, commonly used, and machine-readable format; Data Supplier has the right to transmit such data to another data controller.

CHANGES TO THIS PRIVACY POLICY

Please note that this Privacy Policy may change from time to time. If the Company changes this Privacy Policy in ways that affect how the Company uses Data Supplier’s personal information, the Company will advise Data Supplier of the choices they may have as a result of those changes. The Company will also inform Data Supplier that this Policy Privacy has changed. For more information, please contact the Innovation360 Group: dataprotectionofficer@innovation360.se