Last updated: 01.29.2020
What Information Do We Collect?
Types of Data Collected
Personal data, or personal information, means any information about an individual from which that person may be identified. It does not include data where the identity of an individual has been removed (also known as anonymous data). Idem collects information from you at different times, but most notably when you contact us (via the Site or otherwise) to request a quote or information, or to join our network of freelancers. The personal data we collect falls into these general categories:
|Category of Data||What It Includes|
|Identity Data||Your title, first name, last name, and the organization for which you work. If you are applying to be a freelancer, we will collect your resume, references, and any tax identification information required by law.|
|Contact Data||Your postal address, email address, and telephone numbers.|
|Financial Data||If you are a freelancer, your checking or PayPal account information. If you are a customer and pay for a translation by credit card, only the last 4 digits of your credit card and the expiration year.|
|Transaction Data||If you are a customer, details about payments from you on behalf of your company and other details of products and services you have purchased from us. If you are a freelancer, details about payments to you.|
|Marketing and Communications Data||Your preferences in receiving direct marketing from us and our third parties and your communication preferences.|
We also collect and use Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate visitor data to calculate the percentage of users accessing a specific feature of our Site.
Our Site uses Google Analytics, but without customization. You can learn more about Google Analytics by visiting their policy site.
We do not (and do not want to) collect any sensitive data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offenses.
Idem recognizes the privacy interests of children and we encourage parents and guardians to take an active role in their children’s online activities and interests. Neither our Site nor our Services are intended for children under the age of 16. Idem does not target its Platform to children under 16 and does not knowingly collect personal data from children under the age of 16.
How We Use Your Information
We use your personal data in a number of different ways. The table below provides more detail, showing what we do with your information and why, but generally, we use your information for the following reasons:
- In order to provide relevant information about our Services to you. For instance, if you are a customer who needs translation services and you contact us for a quote or for information, we will need to collect certain information in order to respond and tailor our Services to your specific needs.
- In order to perform the contract we are about to enter into or have entered into with you. For example, if you join our network of freelancers, we collect information to enable payment for your services as part of our contract with you. This may include disclosure to the third parties who help us perform our end of the bargain, such as payment processors.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, when we provide you with customer support.
- Where we need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance.
|Purpose/Activity||Type of Data (non-exhaustive)||Lawful Basis for Processing|
|To communicate and manage our relationship with you, including:
||Identity; Contact||Performance of a contract with you.
Necessary to comply with a legal obligation.
Necessary for our legitimate interests (to keep our records updated and to study how customers use our products).
|To process payments for Projects and compensate freelancers, including:
||Identity; Contact; Transaction||Performance of a contract with you.
Necessary for our legitimate interests (to pay for services rendered and recover payment for projects delivered).
|To market our services to you||Identity; Contact; Marketing and Communications||For most direct marketing communications, we rely on consent or consent implied from your past purchase from us of similar products; however, there are situations in which it is in our legitimate interests to use your personal data in this way. (Please see Marketing and Your Communications Preferences below.)|
|To administer and protect our business and the Platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Identity; Contact; Technical||Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise).
Necessary to comply with a legal obligation.
|In order to resolve legal claims or disputes involving you or us||All relevant data categories, depending on the nature of the allegation or claim||Necessary to bring or defend a claim.|
Sharing Your Information
- Companies that assist us with our services and help us keep track of our clients, or do things to get your payments to you, such as hosting service providers, payment service providers, and Customer Relationship Management (“CRM”) systems;
- Professional service providers, such as auditors, bankers, lawyers, accountants and insurers, marketing agencies, advertising partners and Site hosts, who help us run our business; and
- Governments, regulators, law enforcement and fraud prevention agencies.
For example, we disclose personal data with the following specific third parties who offer software and hosting solutions and who also have their own privacy policies:
- Salesforce, which provides a CRM platform;
- PayPal and banks, which process payments to and from Idem.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may also share your personal data to the extent allowed by applicable law (a) if we are required to do so by law, regulation or other government authority or otherwise in cooperation with an ongoing investigation of a governmental authority, or (b) to enforce the Idem contracts or user agreements or to protect our rights.
As noted above, Idem may collect account information to process payments. Idem also uses third-party payment processors to process payments, such as Intuit. All credit card payments are conducted in accordance with Payment Card Industry (PCI) data security standards and your billing information (which is only used by these payment processors for the purpose of performing fraud protection) is encrypted before being communicated to them.
Marketing and Your Communication Preferences
If you are a customer, we may use your Identity and Contact data to market our services to you. We carry out direct marketing by email. You have the right at any time to opt out of marketing emails. The easiest way to opt out is to use the unsubscribe link that you will find at the bottom of each communication.
Third Party Links
Data Security & Retention
We have put in place appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. For example, we use encryption, secure socket layer, firewalls, and password protection. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a legitimate need to know.
We will only keep your personal data for as long as necessary to fulfill the purposes for which we collected it in the first place, including for the purposes of satisfying any legal, accounting, or reporting requirements. This includes retaining your data in order to remember who you are, such as your prior Projects with us.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data; see Legal Rights below for further information.
There are exceptions from static retention periods that have to be taken into consideration. For instance, we cannot delete personal data when there are legal obligations to retain it (e.g. arising from tax or commercial law) or when it is needed for the establishment, exercise or defense of legal claims (“litigation hold”). In this case, the personal data can be retained as long as needed for exercising respective potential legal claims.
If the GDPR applies to you because you are in the European Economic Area, you have certain rights in relation to your personal data, including:
- The right of access – that’s a right to make what’s known as a ‘data subject access request’ for a copy of the personal data we hold about you;
- The right to rectification – that’s a right to ask us to correct personal data about you that may be incomplete or inaccurate;
- The right to erasure (also known as the ‘right to be forgotten’) – that’s where in certain circumstances you can ask us to delete the personal data we have about you (unless there’s an overriding legal reason we need to keep it);
- The right to restrict processing – that’s a right for you in certain circumstances to ask us to suspend processing personal data;
- The right to data portability – that’s a right for you to ask us for a copy of your personal data in a common format (for example, a .csv file);
- The right to object – that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
- Rights in relation to automated decision making and profiling – that’s a right you have for us to be transparent about any profiling we do, or any automated decision making.
These rights are subject to certain rules around when you can exercise them. If you wish to exercise any of the rights set out above, please contact us.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law. You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us first.
How to Contact Idem About Privacy