Effective Date of Current Policy: May 21, 2018
IPS complies with the requirements of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively “Privacy Shield”), as set forth by the U.S. Department of Commerce and the Federal Trade Commission (“FTC”), regarding the collection, use, and retention of Personal Information transferred from the European Economic Area and Switzerland to the United States. IPS has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and Supplemental Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view IPS’ certification, please visit https://www.privacyshield.gov. Additionally, IPS may protect information through other legally valid methods, including international data transfer agreements.
What Personal Information We Collect and How We Use It
The types of Personal Information we may collect (directly from you or from Third-Party sources) and our privacy practices depend on the nature of the relationship you have with IPS and the requirements of applicable law. Some of the ways that IPS may collect Personal Information include:
• You may provide Personal Information directly to IPS through interacting with the Services, participating in surveys, during events such as sweepstakes and trade shows, and requesting Services or information.
• As you navigate the Services, certain passive information may also be collected about your visit, including through cookies and similar technologies as described below.
The following sections describe who we collect information and how we use it.
IPS collects Personal Information regarding its current, prospective and former clients, customers, visitors and guests (collectively “Clients”). Client data we collect includes information relating to the sale or support of IPS Services, including an individual’s title, name, address, phone number, email address, government identification (driver’s license, passport), as well as financial information related to payments for services or goods.
We acquire, hold, use and Process Personal Information about Clients for a variety of business purposes including to:
• generally manage Client information and accounts; provide IPS International, Inc. Project Management and Construction Claim Services;
• respond to questions and requests;
• provide access to certain areas and features of the IPS’ Sites;
• verify Client identity;
• communicate about Client account and activities on IPS’ Sites and systems, and, in IPS’ discretion, changes to any IPS policy;
• tailor content, advertisements, and offers we serve to Clients ;
• process payment for products or services purchased;
• for purposes disclosed at the time that Clients provide Personal Information or otherwise with consent.
IPS collects Personal Information regarding its current, prospective and former suppliers, distributors, subcontractors and strategic partners (collectively “Suppliers”). Supplier information we collect relates to the management of Suppliers and the receipt of their products and services. It may include an individual’s title, name, address, phone number, email address, government identification (driver’s license, passport), as well as financial information related to payment for goods and services.
We acquire, hold, use and Process Personal Information about Suppliers for a variety of business purposes including to:
• generally manage Supplier information and accounts;
• provide IPS Project Management and Construction Claim Services;
• respond to questions and requests;
• provide access to certain areas and features of our Sites;
• verify Supplier identity;
• communicate about Supplier account and activities on our Sites and systems, and, in IPS’ discretion, changes to any IPS policy;
• tailor content;
• process payment for products or services purchased by IPS;
• improve our Sites and systems;
• develop new products, processes and services;
• process applications and transactions; and
• for purposes disclosed at the time Suppliers provide personal data or otherwise with consent.
Human Resources Data
IPS collects Personal Information from current, prospective and former Employees, their contact points in case of a medical emergency, and beneficiaries under any insurance policy (“Human Resources Data”). The Human Resources Data we collect may include an individual’s title, name, address, phone number, email address, date of birth, passport number, driver’s license number, social security number, financial information related to credit checks, bank details for payroll, information that may be recorded on a CV or application form, contact information of third parties in case of an emergency, and beneficiaries under any insurance policy. Additionally, we may collect location information regarding our Employees, including through GPS tracking technology on Company-owned vehicles, tools or other devices. We may also collect Sensitive Human Resources Data such as details of health and disability, including mental health, medical leave, and maternity leave, as well as information relating to trade union membership.
We acquire, hold, use and Process Human Resources-related Personal Information for a variety of business purposes including:
• workflow management, assigning, managing and administering projects;
• Human Resources administration and communication;
• payroll and the provision of benefits;
• compensation, including bonuses and long-term incentive administration, stock plan administration, compensation analysis, including monitoring overtime and compliance with labor laws, and company recognition programs;
• job-grading activities;
• performance and employee development management;
• organizational development and succession planning;
• benefits and personnel administration;
• absence management;
• helpdesk and IT support services;
• regulatory compliance;
• internal and/or external or governmental compliance investigations;
• internal or external audits;
• litigation evaluation, prosecution and defense;
• diversity and inclusion initiatives;
• shareholder management;
• restructuring and relocation;
• emergency contacts and services;
• Employee safety, including monitoring compliance with safety regulations by confirming Employees are not speeding or otherwise violating traffic laws;
• compliance with statutory requirements;
• processing of employee expenses and travel charges; and
• acquisitions, divestitures and integrations.
Additional Types of Information We Collect
We endeavor to collect information only relevant for the purposes of Processing. Below are and some of the ways we collect information and how we use it.
Social Media and Interest-Based Advertising
Information from Third-Party Sources
IPS may collect information about you from Third-Party sources to supplement information provided by you. This supplemental information allows us to verify information that you have provided to IPS and to enhance our ability to provide you with information about our business, products and services. IPS’ agreements with these Third-Party sources typically limit how IPS may use this supplemental information.
Direct Mail, Email and Outbound Telemarketing
Clients and Suppliers who provide us with Personal Information, or whose Personal Information we obtain from Third Parties, may receive periodic emails, mailings or phone calls from us with information on our products and services or upcoming special offers/events we believe may be of interest. We offer our Clients and Suppliers the option to decline these communications at no cost to the individual Client or Supplier by following the procedures outlined below.
From time to time, IPS may perform research (online and offline) via surveys. We may engage Third-Party service providers to conduct such surveys on our behalf. All survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us to better serve Clients and Suppliers by learning more about their needs and the quality of the products and services we provide. The survey responses may be utilized to determine the effectiveness of our Sites, various types of communications, advertising campaigns and/or promotional activities. If a Client or Supplier participates in a survey, the information given will be used along with that of other study participants. We may share anonymous individual and aggregate data for research and analysis purposes.
All Internet Users – Cookies, Pixel Tags, Web Beacons and Aggregate Information
IPS does not currently use cookie technology, but may in the future. Like many other websites, IPS may employ a cookie, or small piece of computer code that enables Web servers to “identify” visitors, each time an individual initiates a session on the Company’s Sites. A cookie is set in order to identify Data Subjects and tailor our Sites to you. Cookies do not store any of the Personal Information that is provided to the IPS Sites; they are simply identifiers. Data Subjects have the ability to delete cookie files from their own hard drive at any time. However, individuals should be advised that cookies may be necessary to provide access to much of the content and many of the features of IPS’ Sites.
Pixel Tags/Web Beacons
IPS may use “pixel tags,” also known as “web beacons,” which are small graphic files that allow us to monitor the use of our Sites. A pixel tag can collect information such as the Internet Protocol (“IP”) address of the computer that downloaded the page on which the tag appears; the URL of the page on which the pixel tag appears; the time the page containing the pixel tag was viewed; the type of browser that fetched the pixel tag; and the identification number of any cookie on the computer previously placed by that server. When corresponding with you via HTML capable email, we may use "format sensing" technology, which allows pixel tags to let us know whether you received and opened our email.
Social Media Widgets
Anonymous and Aggregated Information
Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Sites. Anonymized or aggregated information is not Personal Information, and IPS may use such information in a number of ways, including internal analysis, analytics and research. We may share this information with Third Parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
We may also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on some of our Services, and to develop website content. This analytics data is not tied to any Personal Information. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and Processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout.
Choice/Modalities to Opt Out
Where you have consented to IPS’ processing of your Personal Information or Sensitive Personal Information, you may withdraw that consent at any time and opt out by contacting our Data Protection Officer at DPO@ipsdb.com. Even if you opt out, we may still collect and use non-Personal Information regarding your activities on our Sites.
Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will provide information regarding the new purpose and give you the opportunity to opt out.
Prior to disclosing Sensitive Data to a Third Party or Processing Sensitive Data for a purpose other than its original purpose or the purpose authorized subsequently by the Data Subject, IPS will endeavor to obtain each Data Subject’s explicit consent (opt-in). Where consent of the Data Subject for the Processing of Personal Information is otherwise required by law or contract, IPS will comply with the law or contract.
Email and Telephone Communications
Human Resources Data
With regard to Personal Information that IPS receives in connection with the employment relationship, IPS will use such Personal Information only for employment-related purposes (e.g., tax, payroll, benefits), as more fully described in the Transparence/Notice section above. If IPS intends to use this Personal Information for any other purpose, IPS will provide the Data Subject with an opportunity to opt-out of such uses (e.g., charity, health club membership).
“Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
As noted above, you may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences. These cookie-based opt-outs must be performed on each device and browser that you wish to have opted-out. For example, if you have opted-out on your computer browser, that opt-out will not be effective on your mobile device. You must separately opt-out on each device.
Information We Share
We may disclose information about you: (i) if we are required to do so by law, court order or legal process; (ii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (iii) under the discovery process in litigation; (iv) to enforce IPS policies or contracts; (v) to collect amounts owed to IPS; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) in the good faith belief that disclosure is otherwise necessary or advisable. In addition, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Sites. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.
International Data Transfers
You agree that all Personal Information collected via or by IPS may be transferred, Processed, and stored anywhere in the world, including but not limited to, the United States, the European Union, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. Your Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request. By providing information to IPS, you explicitly consent to the storage of your Personal Information in these locations.
Rights of Access, Rectification and Erasure and Restriction
Security of Your Information
The security of all Personal Information provided to IPS is important to us, and IPS takes reasonable steps designed to protect your Personal Information. Unfortunately, no data transmission over the Internet or storage of information can be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure.
By using our Sites or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Sites. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Sites or sending an e-mail to you. You may have a legal right to receive this notice in writing.
Redress/Compliance and Accountability
IPS Attn: Data Protection Officer
721 Arbor Way, Suite 100
Blue Bell, PA 19422
IPS will address your concerns and attempt to resolve any privacy issues in a timely manner. If you are an EU Citizen and feel that IPS is not abiding by the terms of this Policy, or is not in compliance with the Privacy Shield Principles, please contact IPS at the contact information provided above.
In addition, IPS has agreed to refer unresolved complaints related to Personal Information to JAMS Privacy Shield Dispute Resolution Program and, with respect to Employee and human resources data, has committed to cooperate with the panel established by local data protection authorities and comply with the advice given by the panel for EU citizens and with the Swiss Federal Data Protection and Information Commissioner’s authority and advice for such data of Swiss citizens. For more information and to submit a complaint regarding Individual data to JAMS, a dispute resolution provider which has locations in the United States and EU, visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim.
Such independent dispute resolution mechanisms are available to citizens free of charge. If any request remains unresolved, you may contact the national data protection authority for your EU Member State.
You may also have a right, under certain conditions, to invoke binding arbitration under Privacy Shield; for additional information, see https://www.privacyshield.gov/article?id=ANNEX-I-introduction. The FTC has jurisdiction over IPS’ compliance with the Privacy Shield.
Other Rights and Important Information
Information Regarding Children
Due to the nature of IPS’ business, services and benefits are not marketed to minors. IPS does not knowingly solicit or collect Personal Information from children under the age of 13. If you learn that your child has provided us with Personal Information without your consent, you may alert us at DPO@ipsdb.com. If we learn that we have collected Personal Information from a child under the age of 13, we will promptly delete that information.
Links to Third-Party Websites
The following capitalized terms shall have the meanings herein as set forth below.
“Agent” means any Third Party that processes Personal Information pursuant to the instructions of, and solely for, IPS or to which IPS discloses Personal Information for use on its behalf.
“Data Subject” is an identified or identifiable natural person.
“Employee” refers to any current, temporary, permanent, prospective or former employee, director, contractor, consultant, worker or retiree of IPS or its subsidiaries worldwide.
“Personal Information” is any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Privacy Shield” means the seven (7) principles of the Privacy Shield Framework: (1) notice, (2), choice, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access, and (7) recourse, enforcement, and liability. Additionally, it includes the sixteen (16) supplemental principles described in the Privacy Shield: (1) sensitive data, (2) journalistic exceptions, (3) secondary liability, (4) performing due diligence and conducting audits, (5) the role of the data protection authorities, (6) self-certification, (7) verification, (8) access, (9) human resources data, (10) obligatory contracts for onward transfers, (11) dispute resolution and enforcement, (12) choice – timing of opt-out, (13) travel information, (14) pharmaceutical and medical products, (15) public record and publicly available information, and (16) access requests by public authorities.
“Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes Personal Information regarding EU-residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (6) health information; (7) sexual orientation or information about the individual’s sex life; or (8) information relating to the commission of a criminal offense.
“Third Party” is any natural or legal person, public authority, agency or body other than the Data Subject, IPS or IPS’ agents.