Innovation360 Group and its subsidiaries will, hereafter, be referred to as “the Company” and the recipient of this information and the person or company whose privacy this document is referring to will be called “the Data Supplier.” The “Company’s websites” refers to www.innovation360group.com, www.ideation360.com, www.innosurvey.com, www.guidetobusinessinnovation.com, www.interviewing360.com, www.executing360.com, www.imagine360.com, www.pestled360.com and my360.global.
This Privacy Statement covers a number of issues, among them:
- Collection, usage, logging, and disclosure of Personal Data
- Access Control
- Two-Factor Authentication and Single Sign-On
- Data Supplier Rights
COLLECTION OF DATA
In the collection of data, the Company vows to follow the following data protection principles:
- Lawful, fair, and transparent processing, with processing activities having lawful grounds
- Always considering the Data Subject’s rights before processing personal data
- Providing the Data Subject with information regarding said processing upon request
- Limiting processing to the purpose. The Processing Activities have to fit he purpose for which the personal data was collected
- Processing and gathering only the minimal amount of personal data required for any purpose
- Storage of personal data will be limited with a time period and not stored for longer than needed or required by law
- The utmost effort to ensure integrity and confidentiality of data
1. Information provided to the Company by the Data Supplier
2. Information automatically collected about the Data Supplier
This includes information that is automatically stored by cookies and other session tools, for example, the Data Supplier’s IP address and purchasing history (if there is any), etc. This information is used to improve the user experience for the Data Supplier. When using the Company’s services or looking at the Company webpage, the Data Supplier’s activities may be logged.
USE OF DATA
STORAGE OF DATA
All communication on the Ideation360 platform between the Company clients and the Data Supplier is encrypted via SSL. All data stored in the database is encrypted on a file-level, using Transparent Data Encryption. Remote access to the server hosting the websites and the database is permitted via a VPN connection. All uploaded documents by Data Suppliers will be protected by password-restricted zip-files, to ensure that no unauthorized person can access them in the event of theft, or similar.
2. Two-Factor Authentication and Single Sign-On
Two-factor authentication forces the user to enter a login password and then a verification code, usually received by phone, before accessing critical documents or information. Internally, employees of the Company use Two-Factor Authentication as provided by Apple, Google, and Microsoft, in order to access relevant material. In order to protect services and applications from attackers, and keep the Data Supplier’s information safe, two-factor authentication is available for the Company’s Enterprise clients and will be carried out via a SOC 2 compliant third-party supplier at an additional fee. Another alternative offered by the Company for its Enterprise customers is Single Sign-On (SSO), which is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications.
Only authorized individuals are permitted access to the Company’s server, containing personal information. User authentication provides audit access information and complies with regulatory requirements. Company Employees will only be given access to the documents and files which they should have authorized access to. This is continuously monitored by the Company, and routines are put in place in order to assure this. More details about Access Control can be found in the Company’s Security Policy.
DATA SUPPLIER RIGHTS
Given compliance with local law, the Data Supplier has the right to request access to the personal data that has been collected about them by the Company, for the purposes of reviewing, modifying, or requesting that the Company not process the data further. The Data Supplier also has the right to request a copy of the personal data that has been collected about them by the Company and have any inaccurate part of their data corrected.
The Data Supplier has the right to request rectification erasure of personal data that is inaccurate or incomplete. Data Supplier has the right to be forgotten, which means they may request the deletion of their personal data insofar as this personal data is no longer necessary for the purpose it was collected, or Company has a legitimate interest to hold it. Furthermore, the Data Supplier has the right to know whether their personal data is being processed, what data is gathered, from where it is obtained, and by whom it is processed. The Data Supplier has the right to object to processing, meaning that in certain cases, the Data Supplier has the right to object to automated processing, for example in the case of direct marketing.