What does this Policy cover?
Imprivata respects your privacy and is committed to protecting your information and complying with all applicable privacy laws in the conduct of its business. Privacy laws in the United States, European Economic Area (EEA), and other locations may govern the proper use, processing, disclosure, storage, and protection of Personal Data. This statement describes Imprivata's practices regarding the use and disclosure of Personal Data that may be collected through its marketing activities and Sites.
- What information Imprivata collects and why Imprivata collects it.
- How Imprivata uses that information.
- The categories of third parties to which Imprivata may send that information.
- International transfers of data
- The ways in which you can exercise your data subject rights, including how to access and update information.
What type of information does Imprivata collect and why?
Our primary goal in collecting information is to provide you with a friendly, customized, and efficient experience. Imprivata collects the following types of information:
- Other Information. "Other Information" is any information that does not and cannot be used to reveal your identity or that of another individual, such as information which has been fully and permanently anonymized and aggregated. Imprivata uses this information to facilitate its operation of the Sites and for other purposes described below.
- Sensitive Data. Imprivata does not collect Sensitive Data for the purposes defined herein.
Imprivata does not knowingly collect Personal Data from children under the age of 13. If you are under the age of 13, please do not provide any information to Imprivata. If Imprivata becomes aware that it has collected Personal Data from a child under the age of 13, Imprivata will make commercially reasonable efforts to delete such information from its systems.
How does Imprivata collect information?
Imprivata and its service providers collect Personal Data and Other Information in a variety of ways, including:
Through the Sites:
Imprivata collects information through the Sites, e.g., when you request a demo, register for a webinar, contact Imprivata, subscribe to its digital communications, download content (e.g., whitepapers, analyst reports, etc.), register to use its Sites, apply for employment, etc.
Imprivata collects information from you offline, such as when you attend one of its events or its booth at trade shows and exhibits, during phone calls with sales or customer support representatives, or when you contact an Imprivata representative. Phone (or videoconference) calls may be recorded for quality, training, and administration purposes.
From Other Sources:
In order to enhance its ability to provide relevant marketing, offers, and services to you, Imprivata obtains information about you from other sources, such as public and third-party databases, joint marketing partners, social media platforms, and from other third parties.
Through Your Browser or Device:
Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, device type (computer, tablet, smartphone, etc.), screen resolution, operating system name and version, language, Internet browser type and version, and the name and version of the Sites you are using. Your Internet Protocol (IP) Address is a number that is automatically assigned to the device that you are using by your Internet Service Provider (ISP). An IP Address may be identified and logged automatically in Imprivata's server log files whenever you access the Sites, along with the time and or length of the visit and the page(s) that you visited. Collecting IP Addresses is standard practice and is done automatically by many websites, applications, and other services. Imprivata uses IP Addresses to calculate usage levels of the Sites, help diagnose problems with its servers, administer the Sites, and for monitoring the regions from which you navigate to Imprivata's Sites. If you use a mobile device to access its Sites, Imprivata may receive information about the location of your device. In some cases, even if you are not using a mobile device, information about your general location may be discernible from your device’s IP address or the URLs Imprivata receives.
As a Customer:
Imprivata collects information such as your location, use of Imprivata solutions, your preferred means of communication when you voluntarily provide it in subscription center or otherwise. Unless combined with Personal Data, this information does not personally identify you or any other user of the Sites. Imprivata, and its service providers, track and collect App usage data, such as the date and time the App on your device accesses its servers and what information and files have been downloaded to the App based on your device number.
Imprivata collects Personal Data only when you provide such information directly to Imprivata in connection with a Product or Service offering. Imprivata asks for Personal Data such as your name and e-mail address when you correspond with Imprivata for information or support. Imprivata may also retain any messages you send to Imprivata through the Service and may collect content and information you provide through logs.
Imprivata may, from time to time, contact you to request your voluntary feedback on Imprivata products and services through surveys, beta agreements, research studies, etc.
Through Cookies and Other Similar Technologies:
Aggregated Personal Data does not personally identify you or any other user of the Sites (for example, Imprivata may aggregate Personal Data to calculate the engagement of its marketing content by region).
Will Imprivata share any of the information it receives?
Imprivata neither rents nor sells your Personal Data to anyone. Imprivata may disclose Personal Data to approved third party data processors retained or contracted by Imprivata, such as business partners and subcontractors, including, without limitation, affiliates, vendors, service providers and suppliers. Imprivata may share certain Personal Data with third parties who conduct marketing studies and data analytics, including those that provide tools or code which facilitates Imprivata’s review and management of its Sites and services, such as Google Analytics or similar services from other providers. Details on how Imprivata shares Personal Data is described below:
Subsidiaries and Affiliates:
Agents and Service providers:
Imprivata contracts with other companies and people to perform tasks on its behalf and may need to share your information with them to provide products or services to you. Examples may include removing repetitive information from customer lists, analyzing data, providing marketing assistance, billing or processing credit card payments, hosting its Sites and Service Offerings, providing customer service or technical support, and supporting its customer service or technical support personnel with productivity tools that may store your Personal Data. Imprivata may also provide your Personal Data to agents who will use it to verify aggregate usage data that Imprivata provides to its partners. In all cases where Imprivata shares your information with such agents, Imprivata explicitly requires the agent to acknowledge and adhere to Imprivata's privacy and customer data handling policies.
Imprivata custom portal and social media pages:
Personal Data may also be disclosed by you through the Sites, on message boards, chat, profile pages, and other services to which you are able to post information and materials (including, without limitation, the Imprivata Support and Learning Center and the Social Media Pages). This information can appear in public ways, such as through search engines or other publicly available platforms and can be "crawled" or searched by third parties. Please do not post any information that you do not want to reveal to the public at large.
Imprivata may send offers to certain customers on behalf of other businesses with whom Imprivata has a partnership. However, when Imprivata does so, Imprivata does not give the other business your Personal Data. Imprivata will always ask for your permission if Imprivata intends to share your Personal Data in this manner.
In some cases, Imprivata may choose to buy or sell assets or businesses. In these types of transactions, customer information is typically one of the business assets that are transferred. Moreover, if Imprivata, or substantially all of its assets, were acquired, customer information would be one of the assets that is transferred.
Profiling and Automated Decision-making:
Imprivata combines data obtained by the methods described in Section 3 to help it determines what products and services might be of interest to you when you might be ready to make a purchase based on repeated interaction with Imprivata and certain third-party websites, emails, and content. Imprivata marketing and sales personnel are involved in this process and no automated decisions are made that would result in legal effects or similarly significantly affect an individual.
Protection of Imprivata and others:
Imprivata may release Personal Data when Imprivata believes in good faith that release is necessary to comply with that law; enforce or apply its conditions of use and other agreements; or protect the rights, property, or safety of Imprivata, its employees, its users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. Imprivata releases Personal Data, as Imprivata believes necessary and appropriate to law enforcement, tax, fraud prevention, credit risk agencies, other companies and organizations, as well as any other lawfully permitted or mandated third parties.
With your consent:
Will Imprivata sell my information?
Imprivata does not sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, by electronic, or other means the Personal Data it collects from you to another business or third party for monetary or other valuable consideration.
How will Imprivata communicate with me?
Service Email: As someone with an active account, Imprivata may send you service-related email messages, which are not promotional in nature, on occasions and when it is necessary. Similarly, if you request assistance with a Site or one of its products or services, Imprivata will communicate with you through email or other online help sessions until Imprivata has addressed your questions.
Customer Service: Based upon the information you provide it, Imprivata will communicate with you in response to your inquiries, to provide the services you request, and to manage your account. Imprivata may communicate with you by email, through an online help forum, or by telephone.
Newsletters and Promotions: If you register for its newsletters, whitepapers, and/or other educational or promotional content, or otherwise indicate your interest in its Products and/or Services, Imprivata will follow up via email and telephone with recommendations for its products and services based on your likely interests. You can unsubscribe or opt/out of any or all email marketing you may receive at any time.
Is information about me protected and secure?
Imprivata considers information security to be a top priority and is committed to protecting the security of your Personal Data. Imprivata does not collect more information than is necessary and implements systems, applications, and procedures to secure Personal Data, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information, in particular, where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. When Imprivata transmits highly confidential data over the Internet, Imprivata protects it through encryption.
Imprivata has comprehensive security policies and accompanying procedures which include but are not limited to access controls, encryption, 3rd party risk management, etc. All information collected and stored by Imprivata is maintained in secure data centers and/or otherwise subject to best practice access protection. Only employees or contractors who need customer information to perform a specific job (for example, a customer service representative) are granted access to it. All Imprivata employees and contractors are required to keep up to date on Imprivata's privacy and security practices and are subject to confidentiality agreements and regular training.
Your Personal Data may be stored and processed in any country where Imprivata has facilities or in which Imprivata engages service providers, and by using the Sites or disclosing information to Imprivata you consent to the transfer of information to countries outside of your country of residence, which could have different data protection rules than those of your country or the country in which you were located when you initially provided the information. Where required, Imprivata puts in place a solution to ensure that Personal Data transferred outside of the EEA is subject to adequate protection.
Imprivata complies with the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”). Imprivata is committed to subjecting all Personal Data received from European Union (EU) member countries, the United Kingdom, and Switzerland, respectively, in reliance on each Data Privacy Framework, to the Data Privacy Framework’s applicable Principles. To learn more about the Data Privacy Frameworks, and to view Imprivata's certification, visit the U.S. Department of Commerce’s Data Privacy Framework website: https://www.dataprivacyframework.gov/. Click here to access Imprivata’s Data Privacy Framework Policy.
Imprivata is responsible for the processing of Personal Data it receives, under the Data Privacy Framework, and subsequently transfers to a third party acting as an agent on its behalf. Imprivata complies with the Data Privacy Framework Principles for all onward transfers of Personal Data from the EU, the United Kingdom, and Switzerland, including the onward transfer liability provisions.
With respect to Personal Data received or transferred pursuant to the Data Privacy Framework, Imprivata is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
What are my rights as a data subject?
The right to access your Personal Data, including the categories of Personal Data, the categories of sources of Personal Data, the business or commercial purpose for collecting and disclosing your Personal Data, and the specific pieces of Personal Data we collected about you.
The right to know whether your Personal Data is sold, shared, or disclosed and to whom.
The right to opt out of sale or sharing of your Personal Data.
The right to request that Imprivata delete some or all the Personal Data Imprivata collected about you.
The right against discrimination or retaliation and right to equal service and price, even if you exercise your privacy rights.
The right to ask us to transmit your Personal Data that Imprivata collected about you directly to you or to another provider (where technically feasible).
Rectification or correction of information: the right to request that Imprivata correct or amend any of the Personal Data that Imprivata collected about you.
The right to withdraw your consent to the processing of your Personal Data.
The right to request that Imprivata restrict or limit some or all of the processing of your Personal Data, including sensitive Personal Data.
The right to lodge a complaint regarding Imprivata's collection, sharing, and processing of Personal Data with competent authorities in the proper jurisdiction.
The right to not have to identify yourself, or of using a pseudonym in certain circumstances.
The right to stop receiving unwarranted direct marketing.
The right against automated decision making.
How can I exercise my rights?
If you would like to exercise any of your data subject rights, submit a consumer request to email@example.com. Imprivata will need to verify your identity in order to process any requests and will need your name, email address, and phone number to do so. Imprivata responds to requests within 30 days. If a request requires additional time to be processed, Imprivata will notify you in writing. Certain exceptions apply in the law. If your request is denied, Imprivata will provide you with the reasons for such a denial.
You can opt-out of receiving marketing messages from Imprivata by unsubscribing through the unsubscribe or opt-out link in an email, or by unsubscribing via the Imprivata Subscription Center: https://security.imprivata.com/email-subscription-center.html. If you need additional assistance, you may reach out to firstname.lastname@example.org. Imprivata will never discriminate against you for exercising your rights as a consumer.
Imprivata retains the Personal Data Imprivata collects where Imprivata has an ongoing legitimate business need to do so (for example to comply with applicable legal, tax or accounting requirements). When Imprivata has no ongoing legitimate business need to process your Personal Data, Imprivata will either delete or aggregate it or, if this is not possible due to practical or legal requirements, then Imprivata will securely store your Personal Data. If you would like to request Imprivata no longer use your information to provide you with services, contact email@example.com.
Conditions of Use
The Sites are not intended for anyone under the age of 16 years. If you are younger than 16, you may not register with or use the Sites.
Third party sites
Questions or Concerns
Your privacy is important to us. If you have any questions, concerns, or would like to submit a complaint regarding data privacy, please email firstname.lastname@example.org. You may also visit https://imprivatadsr.ethicspoint.com for more details and to submit a Data Subject Request.
Individuals and the data protection supervisory authorities in the EU may also contact our EU representative according to Art. 27 GDPR:
Imprivata OGiTiX GmbH, Hans-Böckler-Str. 12, 40764 Langenfeld, Germany