Privacy Policy

Effective: June 28, 2019

Privacy Policy

Identity Automation is strongly committed to protecting the privacy of site visitors, prospects, and customers. We recognize that when “You” choose to provide us with information about yourself, “You” trust us to act in a responsible manner and to protect and safely manage any “Personal Information” that “You” share with us. We will not sell “Your” “Personal Information” to anyone. The information shared with us as a part of “Your” “Website” visit will be processed by Identity Automation and its service providers entirely within the United States.

This policy explains the information we collect from users through the Identity Automation Website, how the information is obtained, how it is used, how it is stored, and how its use and disclosure can be restricted.

“Personal Information (PHI) (PII)” means any information that may be used to identify an individual, including, but not limited to, a first and last name, a physical address, an email address, or other contact information, whether at work or at home.

IMPORTANT NOTE: By accessing and using Identity Automation “website,” “You” acknowledge and agree to abide and be bound by this “Privacy Policy” (this “Privacy Policy”), and “You” expressly consent to Identity Automation’s collection, use, and disclosure of “Your” “Personal Information,” in accordance with the terms and conditions of this “Privacy Policy”. This “Privacy Policy” is incorporated into and subject to the Terms and Conditions for any Identity Automation “Website.” When reading through this “Privacy Policy”, please read the contents in its entirety and do not rely on headings, which are illustrative of some but not all of the encompassed contents and should not be read so as to limit any of the terms and conditions detailed below each heading.

Definitions

Our Cookie Policy and Use of Other Tracking Technologies

Collection, Use and Purpose Limitations of Your Information

Change Management of Privacy Policy

Children’s Personal Information Policy

Access and Data Integrity

Third-Party Service Providers

FERPA/COPPA

Choice, Security, Access and Accuracy of Your Information Choice

GDPR

HIPAA

Contact Information, Recourse and Enforcement

Definitions

“You” and “Your” refers jointly and severally to the individual and/or entities accessing this site and the Identity Automation customer or partner by which “You” are employed or with which “You” are affiliated.

“Materials” refers to the software, courseware, toolkits, documentation and all other information, whether tangible or intangible, that Identity Automation makes available on the “Website.”

“Affiliates” refers to present or future companies, schools, agencies, entities that, directly or indirectly, through one or more intermediaries, control, are controlled by, or are under common control with Identity Automation.

“Services” refers to the services provided by Identity Automation in connection with the “Materials,” as well as any other related education or training services provided by or through the “Website.”

“User Content” refers to any data, text, links, media, or other content that “You” submit to Identity Automation via a “Website.”

“Website” refers to the website www.IdentityAutomation.com and all other related sub-domains, including the Identity Automation Blog (http://blog.identityautomation.com/), Identity Automation landing pages (http://info.identityautomation.com), the Identity Automation Support Portal, and any Identity Automation online forums, each of which includes text, media, documentation, pictures, and other content.

“Visitors” refers to individuals who visit the “Website.”

Identity Automation’s “Website” may utilize “cookies” and other tracking technologies. When “You” visit our “Website,” Identity Automation may place one or more “cookies” on “Your” computer. A “cookie” is a small text file that may be used, for example, to collect information about “Website” activity. Some cookies and other technologies may serve to recall “Personal Information” previously indicated by a “Website” “Visitor.” Identity Automation uses cookies for all or any of the following purposes:

  • Identify “You” when “You” access, visit, log-in to or complete a form submission on any Identity Automation “Website”. This enables “You” to re-visit any Identity Automation “Website” without having to re-enter information upon each visit.
  • To note different areas of any Identity Automation “Website” which have recently been accessed through “Your” computer. Information collected in this way may be used to develop and manage the online services of Identity Automation by, for example, storing information about “Your” preferences so as to enable Identity Automation to customize any Identity Automation “Website” according to “Your” individual interests.
  • Delivering content on any Identity Automation “Website” which is relevant to “Your” individual interest.
    Monitoring the effectiveness of any promotions or marketing campaigns by Identity Automation or its Affiliates.
  • Tracking “Your” entries, submissions, and status in promotions, sweepstakes, and contests.
  • Improving any “Website” content and conducting various other diagnostics to improve Identity Automation’s services. Identity Automation may, for example, use cookies to monitor aggregate metrics such as total number of “Visitors” and pages viewed. 
  • Analyzing and improving “Website” security.

The Identity Automation “Website” does not respond to “do not track” signals from browsers. Thus, “Your” selection of the “do not track” option provided by “Your” browser may not have any effect on our collection of cookie information for analytic and internal purposes. To effectively manage our collection of cookie information, “You” may set most browsers to notify “You” if “You” receive a cookie, or “You” may choose to block cookies through the settings associated with “Your” browser. But note, that if “You” choose to erase or block cookies, “You” will need to re-enter “Your” original information (e.g., user name, password or general contact info) to gain access to certain parts of the Identity Automation “Website” and may not be able to access other parts of the Identity Automation “Website”.

Collection, Use and Purpose Limitations of Your Information

On some pages where Identity Automation collects “Personal Information” on our “Website,” Identity Automation may post a purpose statement that explains why such “Personal Information” will be collected. In all other cases where Identity Automation collects “Personal Information,” Identity Automation will use such “Personal Information” in accordance with the purposes outlined below. Unless expressly noted otherwise in the purpose statement or below, or elsewhere in this “Privacy Policy”, Identity Automation will not transfer “Personal Information” without “Your” or an “Authorized Responsible entities” consent to third parties who are not bound to act on Identity Automation’s or said “Entities” behalf unless such transfer is legally required.

Use of Data.

Identity Automation uses the data to configure, administer and provide the

Identity Automation IAM, (Identity and Access Management) Platform, MFA (Multi-Factor Authentication) Platform and service for organizations. We may also use the information to contact “You” to further discuss “Your” interest in our company, the IAM, MFA Platform and Service, to send information regarding our company or partners, such as promotions and events, and to respond to “Your” requests for information.

At any time, “You” have the ability to opt out of receiving marketing communications from us, but “You” may not opt out of administrative emails. We may provide “Your” “Personal Information” to companies that provide services to help us with our business activities such as payment processing or offering customer service through our live chat service. These companies are authorized to use “Your” “Personal Information” only as necessary to provide these services to us.

With “Your” prior express permission, Identity Automation may log into “Your” Identity Automation account solely to resolve a problem or support issue. In this case, the Identity Automation personnel investigating the problem would have the same access and abilities that “You” have when “You” are logged in to the Identity Automation; however, the Identity Automation personnel actions are logged in an immutable audit log.

Registered Account Information from School/Educators and School IT administrators may be visible during Customer Support/Troubleshooting, including but limited to School name, School address, IT admin email address, User name and a contact phone number.

Portions of the Identity Automation Platform and Service, as well as the Website contain functions for collecting “Personal Information” including names and email addresses as well as an individual’s or account’s access history. We may also collect and track other personally identifiable and non-personally identifiable information about “You”, such as: “Your” IP address, the type of browser “You” use, and the website “You” visited before visiting our Website or Identity Automation Platform.

If “You” are using the IAM Platform and service as an Educational Institution, student information may be visible during Customer Support and/or Troubleshooting. Personally identifiable information such as student name, student email address, file names, creation dates of files, login dates and times, and third-party applications which students use could be viewed on our service by Product Support Staff.

Hosting Services:

Customer acknowledges that Identity Automation (IAM Platform) may operate on one or more third-party cloud computing platforms and that Identity Automation shall have the right to change or add to the cloud computing platforms on which its Services operate. Identity Automation shall ensure that any such third party cloud platform provider(s) are covered by an annual SSAE16 SOC2 Type 2 (or higher standard) audit.

Identity Automation collects and stores information to monitor and maintain the Identity Automation Service to “You”. Such information includes system health and availability, CPU and disk utilization over time, etc. The sole purpose of collecting this data is to monitor the availability of “Your” service and to respond to failures in order to restore the service.

Identity Automation also aggregates anonymized “User Data,” including document and user meta-data, usage and volume statistical information, and other statistics (but not contact information) from our visitors and Users and may provide such anonymous aggregated information to third parties.

Automatic Collection of Information:

Even if “You” only browse through an Identity Automation “Website” and read the information contained on any Identity Automation “Website” pages, Identity Automation will nevertheless gather certain information about “Your” visit automatically. This information does not identify “You” personally, but may, for example, reflect how “You” found or were directed to or used Identity Automation’s “Website.” Any Identity Automation “Website” may log “Your” computer’s IP address when “You” use any portion of any Identity Automation “Website.” An IP address, is automatically assigned to “Your” computer when “You” access the internet, and is used by web servers to identify “Your” computer. Identity Automation logs IP addresses for system administration, for auditing the use of the “Website,” and for collecting statistical information for marketing and other purposes.

It also may collect the name and URL of the website that “You” visited immediately preceding “Your” visit to Identity Automation’s “Website.” Identity Automation may use this type of non-“Personal Information” on a cumulative basis to better understand what pages “Visitors” and prospective customers access or visit, and Identity Automation may disclose this information to business and trade partners.

Voluntarily-Provided Information:

When “You” participate in, access, or sign up to receive any of Identity Automation’s services, activities, or online content, such as email publications, blogs, newsletters, or webinars, Identity Automation may receive “Personal Information” about “You.” This may consist of contact information, but may also include other “Personal Information.” Identity Automation will use “Your” “Personal Information” for a number of purposes which include, responding to “Your” requests for information, blogs or newsletters, adding “Your” details to Identity Automation’s list of persons who receive blog updates or other publications, and providing these to “You” on a regular or as-requested basis.

Identity Automation will also compile data based on responses received from “Visitors” in order to allow Identity Automation to analyze the experience of “Visitors” so that Identity Automation can improve the services that Identity Automation currently offers and to allow Identity Automation to predict future products or services that Identity Automation may consider offering. This information may also be used by Identity Automation for its business purposes and shared with Affiliates for their business purposes. The data that Identity Automation compiles from responses received from “Visitors” to any “Website” may also be shared with third parties that deliver services to Identity Automation. One of the purposes of sharing such information with third party service providers is to allow them and Identity Automation to analyze the profile of “Visitors” to any Identity Automation “Website” and help them and Identity Automation to provide a better “Visitor” experience. Information may also be shared with other third parties for purposes which are described later on in this “Privacy Policy.” By using any Identity Automation “Website” and providing this information, “You” are agreeing to these uses of “Your” information. If “You” do decide to provide information through any Identity Automation “Website” or to otherwise contact Identity Automation, then it is implied that “You” consent to receiving a response from Identity Automation to “Your” email address or via other contact information that “You” provided to Identity Automation. Note that requesting information using any Identity Automation “Website” does not give “You” a right to receive a response. Other than as particularly described in this “Privacy Policy”, any requests for information will be responded to entirely at the discretion of Identity Automation, and there is no obligation on the part of Identity Automation to respond to such requests or to provide any responsive information unless by Federal or legal obligation.

Change Management of Privacy Policy

Identity Automation may amend this “Privacy Policy” from time to time by posting a revised policy on this Website, or a similar Website that replaces this Website. If Identity Automation amends the “Privacy Policy”, the new policy will apply to “Personal Information” previously collected only insofar as the rights of the individual affected are not reduced. If Identity Automation makes substantial changes to this “Privacy Policy”, Identity Automation will endeavor to notify “You” of such changes (e.g., by email or an alert on any Website for a period of time). However, regularly reviewing this page is the best method to ensure “You” are always aware of the information Identity Automation collects, how it is used and under what circumstances.

Identity Automation may amend this “Privacy Policy” from time to time by posting a revised policy on this Website, or a similar Website that replaces this Website. If Identity Automation amends the “Privacy Policy”, the new policy will apply to “Personal Information” previously collected only insofar as the rights of the individual affected are not reduced. If Identity Automation makes substantial changes to this “Privacy Policy”, Identity Automation will notify “You” of such changes by email, in writing or an alert on any Website 30 days in advance of the change; For the schools, we will send to the Educator on record. Regularly reviewing this page is the best method to ensure “You” are always aware of the information Identity Automation collects, how it is used and under what circumstances.

Children’s Personal Information Policy

Identity Automation does not knowingly solicit any “Personal Information” from children under the age of 13. If Identity Automation is made aware that Identity Automation has collected “Personal Information” from a child under 13 years old in a manner that is inconsistent with the Children’s Online Privacy Protection Act of the United States, then Identity Automation will delete this information as soon as practicable.

Access and Data Integrity

To the extent that “You” do provide “Personal Information” to Identity Automation, Identity Automation wishes to maintain accurate “Personal Information”. Where Identity Automation collects “Personal Information” from “You” on any Identity Automation “Website,” Identity Automation’s goal is to provide “You” with a means of contacting Identity Automation should “You” need to update or correct that, “Personal Information.” If for any reason those means are unavailable or inaccessible, “You” may send updates, corrections, and requests for deletion or removal of “Your” “Personal Information” to privacy@identityautomation.com, and, if such “Personal Information” is within Identity Automation’s possession, Identity Automation will make reasonable efforts to incorporate the changes to “Your” “Personal Information” as soon as practicable.

Applicants:

In addition, Identity Automation may collect “Personal Information” such as name, phone number, email address and desired position from Visitors to the Career Portal (https://careers-identityautomation.icims.com) of the Identity Automation Website (“Applicants”). Identity Automation also collects information contained on resumes voluntarily uploaded or sent by Applicants, as well as any other information or documentation sent to Identity Automation via the Career Portal.

Hosting Services:

Identity Automation may use certain third party hosting service providers (“Hosting Service Providers”) to provide “You” with access to materials or services through the Identity Automation “Website.” Some Hosting Service Providers may require “You” to create an account and provide “Personal Information” to access certain materials and services. “You” should review the provided links to the “Privacy Policy” of each such “Hosting Service Provider” to ensure “You” are comfortable with their privacy practices before providing any “Personal Information.” Please note that our “Hosting Service Providers” may use, store or otherwise process “Your” “Personal Information” in the United States or jurisdictions other than the jurisdiction in which “You” reside. Identity Automation will be liable for a “Hosting Service Provider’s” compliance with the terms of this “Privacy Policy” with respect to “Personal Information” that Identity Automation provides to such “Hosting Service Provider.” However, Identity Automation has no control over and disclaims all liability for a “Hosting Service Provider’s” failure to comply with its own privacy policies with respect to “Personal Information” “You” provide directly to such “Hosting Service Provider.”

Forum Posts:

Identity Automation may also receive information from “Visitors” via any blogs, forums, or comments pages that are maintained on any Identity Automation “Website” for public comment by “Visitors.” Note that if “You” provide any “Personal Information” via any page of the Identity Automation “Website” maintained for public comment, “Your” information will be publicly available and is subject to public disclosure. If “You” provide such “Personal Information,” “You” acknowledge that Identity Automation is not liable for any public access to such information.

Data Collection:

Portions of the Identity Automation Service and the “Website” contain functions for collecting “Personal Information” including names and email addresses as well as an individual’s or account’s access history. We may also collect and track other personally identifiable and non-personally identifiable information about “You”, such as: “Your” IP address, the type of browser “You” use, and the website “You” visited before visiting our Website or Identity Automation Services. 

If “You” are using the service as an Educational Institution, please click here. 

If “You” register to use the Identity Automation Service or express interest in obtaining additional information, we require “You” to give us “Your” contact information, such as “Your” name, company name, address, and email address. We may also ask for additional “Personal Information”, such as title, phone number, department name or additional company information, such as annual revenues, number of employees, or industry. “You” can opt out of providing this additional information by not entering it when asked.

Third-Party Service Providers

It’s important to us that we keep “Your” information safe and secure. In order to help Identity Automation provide, maintain, protect and improve our services, Identity Automation shares information with other partners, vendors and trusted organizations to process it on our behalf in accordance with our instructions, “Privacy Policy”, and any other appropriate confidentiality, security or other requirements we deem appropriate. These companies will only have access to the information they need to provide the Identity Automation service.

“You” can find information on these partners and service providers we work with below, including what data we share with them or they provide to us, the service they provide for Identity Automation and links to their respective privacy policies. This list may change over time, and we’ll work hard to keep it up-to-date. If “You” have any questions, please get in touch here.

Third Party Service Providers

Google – Used for Email 

Salesforce – Used for Internal documentation, Client contact information, Client ticketing information, Delivery and Customer Management

Amazon Web Services – Data delivery and Data Storage

Info Shared: Data Movement, Storage and Container Size

Atlassian – Used for internal Development Teams

Info Shared: None

Intacct – Used for Customer Payment history and billing

Hubspot – Marketing Data Collection

Info Shared: None

Info Received: Any information provided by a potential prospect or existing client.

Paypal – Payment Acceptance

Info shared: Customer details (name, phone), order details. The financial information is collected directly by processor and not collected, transmitted or shared by Identity Automation. User must separately have a PayPal account.

Authorize.net – Payment Acceptance

Info shared: Customer details (name, phone), order details. The financial information is collected directly by processor and not collected, transmitted or shared by Identity Automation. User must separately have an Authorize.net account.

Definitive Healthcare – Third Party Database of Customer Data

Info Shared: None

Info Received: Potential Healthcare client detail, business, organization, contact information

DiscoverOrg – Third Party Database of Customer Data

Info Shared: None

Info Received: Potential lines of business detail, organization, organization type, contact information

BrickFTP – Delivery of Software and Licenses for Healthcare products

Info Shared: Healthcare license information, including length of license

ChurnZero – Used internally to measure our Customer Success

Info Shared: None

SmartSheets – Used internally by our Project Management teams to manage project delivery

Info Shared: None

EST Group – Vendor for Delivery

Info Shared: Client detail, vendor will have access to “Your” details during deployment of our services

Svitla Systems – R&D Contractor

Info Shared: Product information, non client facing or client inclusive data

Avalara – Sales Tax and exemption platform

Info Shared: Customer location, Tax ID number, Payment Detail

LogMeIn, Inc. – Webinar, Training and Support Assistance platform

Info Shared: Customer contact information including name and email address

PagerDuty – Support and escalation

Info Shared: None

Tropo – SMS Service

Info Shared: Client contact information

FERPA/COPPA

Where “Personal Information” (PII) originates from a student or school, Identity Automation agrees to comply with FERPA and COPPA Frameworks, respectively. With respect to such “Personal Information”, to the extent of any conflict between the terms and conditions listed in this “Privacy Policy” and FERPA and COPPA Frameworks, the FERPA and COPPA controls govern. More information on FERPA and COPPA regulations can be found at https://www2.ed.gov/ferpa and https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule 

Using the service as an Educational Institution, Student information may be visible during Customer Support and/or Troubleshooting. Personally identifiable information such as Student Name, Student Email Address, file names, creation dates of files, login dates and times, and third party applications which students use could be viewed on our service by Product Support Staff.

Rights, including all intellectual property rights around student and faculty information, shall remain the exclusive property of the School/District, and Member Company has a limited, nonexclusive license solely for the purpose of performing its obligations as outlined in the Agreement.

Registered Account Information from School/Educators and the Student Information that may be visible during Customer Support:

Names
Emails
Enrollments
Telephone Numbers
Files
Creation Dates
Login Dates and Times
Third Party Applications

OWNERSHIP OF USER DATA 

The Services may allow “You” to track and gather a range of data and information regarding “Your” employees, agents, independent contractors, and students (“User Data”). “You” shall retain all title to and ownership of and all proprietary rights with respect to “User Data,” and shall be solely responsible for its use thereof. “You” are also responsible for securing and backing up “Your” “User Data.” “You” hereby grant Identity Automation a worldwide, royalty-free, and non-exclusive license to access and use “User Data” for the sole purpose of enabling Identity Automation to provide the Services, and for the limited purposes set forth in Identity Automations “Privacy Policy”.

Identity Automation may also use tracking technologies that record information such as Internet domain and host names; Internet protocol (IP) addresses; browser software and operating system types; clickstream patterns; and dates and times that any Identity Automation “Website” are accessed by “Visitors.” Identity Automation may also analyze information that does not contain “Personal Information” (or contains “Personal Information” in anonymous or aggregated form) for trends and statistics, such as through the use of Google Analytics or other similar analytics services.

We keep “Personal Information” until we no longer need it to provide “You” with the Service. We will not retain student “Personal Information” for any longer than is necessary for educational purposes and legal obligations, or to provide the Service for which we receive or collect the student “Personal Information”. In addition, we only keep student “Personal Information” for as long as the student’s account is active, unless we are required by law or the student’s school to retain it, or need it to protect the safety of our users. Note that some content may be kept after an account is deleted for school legal compliance reasons (e.g. maintenance of “education records” under FERPA or “student records” under various state student privacy laws). Please click here to request information on how to terminate or delete “Your” child’s account.

Student information may be visible during Customer Support and/or Troubleshooting. Personally identifiable information such as Student Name, Student Email Address, file names, creation dates of files, login dates and times, and third party applications which students use could be viewed on our service by Product Support Staff.

Identity Automation may collect IP address information from children which we use for the purpose of providing support for the client operations of our service, for things such as access management and diagnosing user connectivity issues. We do not share this information with any third parties, except for those service providers deemed necessary by the operating school or client to help us provide the service by performing tasks on their behalf. We do not use IP address information collected from children to contact them, including through behavioral advertising, or for any other purpose. Additionally, we delete or de-identify IP address information every six (6) months. 

For more information on IP address and COPPA please see the FTC’s COPPA FAQ I.5.

“You” can always delete “Your” account by visiting “Your” account settings, or simply contacting us as described in the Contacting Identity Automation section below. For more information on what happens when “You” delete “Your” account, click here. Please note that some content will not be deleted given various compliance and recordkeeping obligations schools have. Please contact “Your” (or “Your” child’s ) school if “You” would like this content deleted. If the school determines that the request should be implemented, they may submit a request to us.

Choice, Security, Access and Accuracy of Your Information Choice

“You” may choose whether or not to provide certain “Personal Information” to Identity Automation. Please review the full contents of this “Privacy Policy” (including the section entitled “Collection, Use and Purpose Limitations of “Your” Information) before making that choice. If “You” choose not to provide the “Personal Information” Identity Automation requests, “You” can still visit some of Identity Automation’s “Websites,” but “You” may be unable to access certain options, offers, and services.

If “You” chose to have a relationship with Identity Automation, such as a contractual or other business relationship or partnership, Identity Automation will naturally continue to contact “You” in connection with that relationship.

Choices and Product Support:

If “You” wish to access, modify or delete other “Personal Information” that “You” have provided to Identity Automation, such as “Your” address, please contact us at privacy@identityautomation.com or (877) 221-8401, for assistance.

We will retain “Your” information for as long as “Your” account is active or as needed to provide “You” services. Please contact us if “You” wish to cancel “Your” account or request that we no longer use “Your” information to provide “You” services. We will retain and use “Your” information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Identity Automation participates in the iKeepSafe Safe Harbor program. If “You” have any questions or need to file a complaint related to our “Privacy Policy” and practices, please do not hesitate to contact the iKeepSafe Safe Harbor program at COPPAprivacy@ikeepsafe.org

Security

Wherever “Your” “Personal Information” may be held within Identity Automation or on its behalf, Identity Automation intends to take reasonable and appropriate steps to protect the “Personal Information” that “You” share with us from unauthorized access or disclosure. Identity Automation trains its employees on the “Privacy Policy” guidelines and makes this “Privacy Policy” available to Identity Automation’s business partners. In addition, Identity Automation and its business partners enter into confidentiality agreements which require that care and precautions be taken to prevent loss, misuse, or disclosure of “Your” “Personal Information”. Identity Automation also processes “Personal Information” only in ways compatible with the purpose for which it was collected or subsequently authorized by “You.” To the extent necessary for such purposes, Identity Automation takes reasonable steps to make sure that “Personal Information” is accurate, complete, current, and otherwise reliable with regard to its intended use. Notwithstanding the foregoing, although Identity Automation takes reasonable measures to protect “Your” “Personal Information”, unfortunately the transmission of data through the Internet cannot be guaranteed to be 100% secure. Neither Identity Automation, nor its Affiliates, nor any of their respective employees, officers or agents or the provider of the internet services on behalf of Identity Automation or the creator of any Identity Automation “Website” (nor any other person involving the management or establishment of any Identity Automation “Website” or otherwise involved in respect of any Identity Automation “Website”) can give any representation or warranty as to the absolute security of the data transmitted using any Identity Automation “Website” and cannot give any guarantee that such data will not be compromised by bad actors.

If Identity Automation becomes aware of a systems security breach by an unauthorized party or that any “User Data” was used for an unauthorized purpose, we will comply with relevant state and other data breach laws. We will notify users of any breach resulting in unauthorized release of data electronically, at minimum, and without unreasonable delay so that “You” can take appropriate steps. The notification will include: date of the breach, the types of information that were subject to the breach, general description of what occurred, and steps Identity Automation is taking to address the breach.

GDPR

GDPR Principles

Identity Automation complies with the principles of GDPR. The six overall guiding principles are:

  1. Lawfulness, transparency and fairness
  2. Purpose Limitation
  3. Data Minimization
  4. Accuracy
  5. Storage Limitation
  6. Confidentiality and Integrity

“Your” privacy and security is of the utmost importance to us. We will always follow these principles and ask “You” how “You” would like us (or our partners) to communicate with “You”. The Cyber Security Manager monitors and maintains our commitment to the regulation of information with GDPR.

Where “Personal Information” originates from the European Economic Area or Switzerland and is transferred to the United States, Identity Automation agrees to comply with the EU-General Data Protection Regulation, Swiss-U.S. Privacy Shield Frameworks, respectively. With respect to such “Personal Information”, to the extent of any conflict between the terms of this “Privacy Policy” and the “GDPR” or Privacy Shield Principles, the “GDPR” and/or Privacy Shield Principles govern. More information on the General Data Protection Regulation. and Swiss-U.S. Privacy Shield programs can be found at https://www.privacyshield.gov and https://gdpr-info.eu/. 

Disclosures, Sharing and Onward Transfers of Your Information

Identity Automation will not disclose or provide “Your” “Personal Information” to third parties, except when one or more of the following conditions is true:

  • To provide products or services that “You” have requested from Identity Automation;
  • Identity Automation has “Your” permission to make the disclosure;
  • The disclosure is required by a lawful request by public authorities;
  • The disclosure is reasonably related to a Transfer (see “Transfer or Information” section below);
  • The information in question is publicly available;
  • The information is seen by third parties who provide web services or professional services to Identity Automation (including Payment Processors);
  • The information is used to investigate and correct technical problems and malfunctions in any Website or the computer systems that support any Website;
  • The information is necessary to investigate, prevent or take action with regard to a violation of any Website or in respect of the Terms and Conditions or to verify or enforce compliance with the policies (including but not limited to the “Privacy Policy”) governing any Website;
  • The disclosure is reasonably necessary for the establishment or defense of legal claims, or to investigate, prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person; or
  • The disclosure is to another Identity Automation entity, Affiliate or to persons or entities providing services on Identity Automation’s behalf (each a “transferee”), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question:
    • is subject to law providing an adequate level of privacy protection; or
    • has agreed in writing to provide an adequate level of privacy protection; or
    • subscribes to the Privacy Shield Principles.

Identity Automation values data privacy and will request that such third parties use “Personal Information” only for the purposes disclosed in this “Privacy Policy” with respect to “Personal Information” originating from the European Economic Area or Switzerland, Identity Automation remains liable under the EU-U.S. Privacy Shield or U.S.-Swiss Safe Harbor, as applicable, if its third-party agents engaged to process such information on its behalf do so in a manner inconsistent with such frameworks, except to the extent that Identity Automation can show that its actions and omissions did not directly cause such inconsistency.

Permitted transfers of information, either to third parties or within Identity Automation, include the transfer of data from one jurisdiction to another, including transfers to and from the United States. Because privacy laws vary from one jurisdiction to another, “Personal Information” may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated.

Contact lists and information are properly considered assets of Identity Automation’s business. Accordingly, if Identity Automation merges with another entity or if Identity Automation assets are acquired by a third-party (collectively referred to as a “Transfer”), Identity Automation’s contact lists and information, which may include “Personal Information” “You” have provided Identity Automation, would be included among the assets that would be transferred and Identity Automation would request that the entity treat “Your” information in accordance with this “Privacy Policy”. This same provision is applicable for each Affiliate of Identity Automation.

Ownership and Storage of Information

Identity Automation owns the code, databases, and all rights to all “Websites” and any feedback “You” provide; provided that, as between “You” and Identity Automation, subject to the terms of this “Privacy Policy”, “You” retain all rights to the “Personal Information” “You” provide to Identity Automation through any “Website.” If “You” incorporate into feedback any User Content, “You” hereby grant Identity Automation a worldwide, non-exclusive, royalty-free, sub-licensable and transferable license to use, reproduce, distribute, prepare derivative works of, and display the User Content when operating any “Website” and for Identity Automation’s internal business purposes.

Identity Automation may store “Personal Information” up to six months that “You” provide to Identity Automation or any of its Affiliates through any “Website” and will destroy such information in accordance with any policy or directive of Identity Automation or any of its Affiliates for destruction of data or as required by the Privacy Shield Principles or U.S.-Swiss Safe Harbor Principles, as applicable. For so long as Identity Automation stores such information, Identity Automation will comply with the Privacy Shield Principles with respect such information originating from the European Economic Area and with the U.S.-Swiss Safe Harbor Principles with respect to information originating from Switzerland.

For the purposes of COPPA consent, Identity Automation uses school consent.

By allowing students to utilize Identity Automation as an IAM Platform (Identity and Access Management) in the classroom you affirm that you have all necessary consents required to comply with state and federal regulations. 

Privacy Policies and Links to Third-Party Websites

Any Website may contain or reference links to non-Identity Automation websites. The linked sites are not under the control of Identity Automation and Identity Automation is not responsible for the content of any third-party website or any link contained in a third-party website, or any changes or updates to such sites. The inclusion of a link within any Website does not imply any endorsement by or any affiliation with Identity Automation. Access to any third-party website is at “Your” own risk, and “You” should be aware that third-party websites may contain privacy policies that have terms that are different from that of this “Privacy Policy”.

In connection with “Your” use of any Website, “You” may be made aware of services, products, articles, offers, and promotions provided by third parties, and not by us. If “You” decide to use these third-party services, “You” are responsible for reviewing and understanding the privacy policies governing those services. “You” agree that the third party, and not Identity Automation, is responsible for all data privacy obligations related to the “Personal Information” “You” provide to such third party and “You” expressly relieve Identity Automation and its Affiliates from any and all liability arising from or related to such “Personal Information”.

HIPAA

Notice of Information Practices and Privacy Statement

For Identity Automation

Identity Automation
7102 N Sam Houston Pkwy W, Ste 300
Houston, TX 77064
USA

Telephone: +1 (877) 221-8401

Email: privacy@IdentityAutomation.com

How We Collect Information About You: Identity Automation. (IA) and its employees may collect data through a variety of means including but not necessarily limited to letters, phone calls, emails, and voicemails or other requests for assistance through our organization.

What We Do Not Do With “Your” Information: Information about “Your” medical care that is accessible to us directly or indirectly is held in strictest confidence.

We do not give out, exchange, barter, rent, sell, lend, or disseminate any information about clients that are considered patient confidential, is restricted by law, or has been specifically restricted by a patient/client in a signed HIPAA consent form.

How We Do Use “Your” Information: Information is only used as is reasonably necessary to help provide “Your” healthcare or counseling organization with services.

Information We Do Collect: We do use cookies on our website to collect data from our site visitors. We do use some affiliate programs that may or may not capture traffic data through our site. To avoid potential data capture that “You” visited an affiliate website simply do not click on any of our outside affiliate links.

Limited Right to Use Non-Identifying Personal Information From Biographies, Letters, Notes, and Other Sources: Any pictures, stories, letters, biographies, correspondence, or thank “You” notes sent to us become the exclusive property of IA. We reserve the right to use non-identifying information about our clients (those who receive services or goods from or through us) for promotional purposes that are directly related to our mission.

Clients will not be compensated for use of this information and no identifying information (photos, addresses, phone numbers, contact information, last names or uniquely identifiable names) will be used without the client’s express advance permission.

“You” may specifically request that NO information be used whatsoever for promotional purposes, but “You” must identify any requested restrictions in writing. We respect “Your” right to privacy and assure “You” no identifying information or photos that “You” send to us will ever be publicly used without “Your” direct or indirect consent.

Contact Information, Recourse and Enforcement

Identity Automation offers “You” certain choices in connection with the “Personal Information” collected from “You”. To update “Your” preferences, have “Your” information removed from Identity Automation mailing lists, or to submit a request, please contact Identity Automation as indicated below. To the extent provided by law, “You” may request access to the “Personal Information” we maintain about “You” or request that we correct, amend, delete or block the information by contacting Identity Automation at the contact addresses indicated below. Where provided by law, “You” may withdraw any consent “You” previously provided to Identity Automation or object at any time on legitimate grounds to the processing of “Your” “Personal Information”, and Identity Automation will apply “Your” preferences going forward.

If “You” wish to access, modify or delete other “Personal Information” that “You” have provided to Identity Automation, such as “Your” address, please contact us at privacy@identityautomation.com or (877) 221-8401, for assistance.

We will retain “Your” information for as long as “Your” account is active or as needed to provide “You” services. Please contact us if “You” wish to cancel “Your” account or request that we no longer use “Your” information to provide “You” services. We will retain and use “Your” information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. 

For disputes regarding Identity Automation’s collection or use of “Your” “Personal Information” or for more information, or questions or comments concerning the “Privacy Policy”, please contact Identity Automation at:

Identity Automation
7102 N Sam Houston Pkwy W, Ste 300
Houston, TX 77064
USA

Telephone: +1 (877) 221-8401

Email: privacy@IdentityAutomation.com

“You” may also stop email messages and other promotional mailings by contacting Identity Automation at the above address or email.

Our goal is to resolve all disputes through our internal processes. If “You” have a complaint regarding our collection, use, disclosure or retention of “Personal Information” originating from the European Economic Area or Switzerland that cannot be resolved through those processes, “You” may (1) submit the complaint to the relevant data protection authorities, EU Data Protection Authorities and Swiss Federal Data Protection and Information Commissioner (FDPIC) (“DPAs”); (2) at no cost to “You”, resolve the complaint through JAMS using this link: https://www.jamsadr.com/eu-us-privacy-shield; or (3) provide notice to Identity Automation that “You” desire to resolve the complaint through binding arbitration. Identity Automation is subject to the enforcement powers of the U.S. Federal Trade Commission. In the event that we or such authorities determine that we did not comply with this “Privacy Policy”, we will take appropriate steps to address any adverse effects and to promote future compliance.