ICONOCULTURE PRIVACY POLICY

Effective Date: August 2018

The Iconoculture website located at iconoculture.cebglobal.com and the associated Iconoculture products and mobile applications (collectively, "the Services") are provided by Gartner Inc. and all its group companies doing business under the Gartner name listed here. Please read this Privacy Notice ("the Notice") carefully as it sets out important information relating to how we handle your personal information. Gartner and all its group companies will have access to information on individuals covered by this Notice.

How to Contact Us

Questions, comments and requests regarding this Privacy Notice should be addressed to our Data Protection Officer through the following means:

Global Data Protection Officer
Legal Department
56 Top Gallant Road
Stamford, CT 09602
USA
Email Address: privacy@gartner.com

Introduction

This Notice sets out how we will collect and use personal information, and the choices and rights available to you in connection with our use of your personal information.

This Notice will apply whether you have provided the information directly to us or we have obtained it from a different source, such as a third party.

1. INFORMATION THAT WE COLLECT ABOUT YOU
Data collection and usage
Information we collect directly from you or from the following sources:
  • Your employer;
  • Our website (member-based and public); and
  • Our apps
Categories of information we collect about you include:
  • Information your employer provides to us about you including your name, business or personal email address, job title, organization, organization’s physical address, direct telephone number, photograph, and biographical details;
  • Information you provide when you enter information on the Services, such as when you submit a question, answer online questionnaires, participate in surveys, submit feedback forms; or engage in other transactions;
  • Information you provide when you subscribe to email newsletters such as name, email address, job title;
  • Information you provide when registering for an online or member account including name, business or personal email address, job title, organization, organization’s physical address, direct telephone number, photograph, and biographical details;
  • Where you have an online or member account, log-in and similar credentials and information about use and account preferences;
We use this information for certain activities, including:
  • Enabling you to access your account across devices;
  • Personalizing and enhancing the experience of our Services;
  • Attributing content that you make available through the Services;
  • Administering the Services;
  • Providing better, more customized client service and responding to your inquiries;
  • Investigating any complaints;
  • If you are a Gartner Member or Client that establishes an IconoIQ account, we may display your name and picture only to other members of your organization. If you do not want us to display such information, you should not register for an IconoIQ account
We use this information because:
  • It is necessary for performing our obligations, or exercising our rights, under our contracts with clients;
  • It is necessary for compliance with any legal or regulatory obligations;
  • We have a legitimate business interest to:
    • Promote our brand and business
    • Monitor, investigate, and report any attempts to breach the security of our website;
    • Provide and improve the Services;
    • Operate our business;
  • We have your consent (where required under applicable law) to use your information for marketing. Where we rely on your consent, you have the right to withdraw consent by contacting us.
Information we collect about the use of our website and apps from users.
Categories of information we collect about you include:
  • Information captured in our web logs such as device information (e.g. device brand and model, screen dimensions), unique identification numbers (e.g. IP address and device ID), and browser information (e.g URL, browser type, pages visited, date/time of access), geo-location and other device-specific information, Internet connection information;
  • Advertising information (such as size/type of ad, ad impressions, location/format of ad, data about interactions with ad);
  • Behavioural information (such as information on the behaviour or presumed interests of individuals which are linked to those individuals and may be used to create a user profile); and
  • Information captured by our cookies (see our Cookie Policy).
We use this information for certain activities, including:
  • Personalizing the experience of our website;
  • Administering our website;
  • Performing statistical and trend analysis to improve the user experience and performance of our website;
  • Providing better, more customized client service;
  • Investigating any complaints.
We use this information because:
  • It is necessary for compliance with any legal or regulatory obligations;
  • We have a legitimate business interest to:
    • Monitor, investigate and report any attempts to breach the security of our websites;
    • Improve the performance and user experience of our websites;
    • Customize the client experience.
 
1.1 Further information

Where legitimate interests are mentioned above, a legitimate interest will only apply where we consider that your interests or rights which require protection of your personal information do not override our legitimate interests. If you require further information regarding our legitimate interests as applied to your personal information, you may contact our Data Protection Officer.

The Services are for individuals who are at least 18 years of age. The Services are not designed to be used by individuals under the age of 18.

In certain circumstances, if you do not provide personal information which is required (such as log-in information to create an account), we will not be able to perform our obligations under the contract with you or may not be able to provide you with products and services. We will make it clear if and when this situation arises and what the consequences of not providing the information will be.

IconoCommunities Members. From time to time, observers from our clients’ organizations may observe IconoCommunities using a special access role that allows them to view community activity. All observers are bound to the same Terms of Use and Privacy Policy, and therefore prohibited from sharing data beyond the scope of the community. Observers do not have access to personal information you provide during the signup process.

In the event that you post personal information in IconoCommunities discussion forums or other areas of the Services allowing users to upload or post content, that information can be viewed by any user or observer with access to those areas. We discourage users from posting personal information in this fashion, and any personal information you post to these public or restricted areas is not covered by this Policy.

We may post quotes from your responses to surveys, along with your username, age, and demographic information, in the areas of our Services available to Gartner Iconoculture Members/Clients. These quotes will only be visible to Gartner Members/Clients and will not be displayed to the general public.

Communication with Colleagues

You may use the send-to-colleague functionality on our Services to send your colleagues information from Gartner or its subsidiaries. In order to fulfil this request, we will ask you for your and your colleagues' names and email addresses. We do not retain this data after the email is sent. Please be aware that your name and e-mail address may be included in the communication sent to your colleague.

Restricted Areas

If you access the Restricted Areas of any of our Services, we may collect information about your access to and use of research materials, decision-support tools, and other online and offline resources we offer.

Information from Other Sources

We may also periodically obtain information about you from other sources. The collection of such information will be in accordance with applicable privacy laws. Examples of information we receive include updated contact information and additional demographic information. Please note that we sometimes collect information relating to you at the time you or your organization enrol in a program run by Gartner or any of its subsidiaries, as well as in the course of allocating and issuing to you a unique ID and password to access any Restricted Areas of the services.

2. WHEN WE DISCLOSE YOUR PERSONAL INFORMATION

We may disclose your personal information to third parties as follows:

  • To Gartner group companies in order to process the data for the above mentioned purposes;
  • When we have your consent or authorization to do so;
  • To third parties who work on our behalf to service or maintain business contact databases and other IT systems, such as suppliers of the IT systems which we use to process personal information, or who provide other technical services, such as printing;
  • To third parties providing services to us who have a need to access your information, such as our professional advisors (e.g. auditors and lawyers);
  • To comply with applicable laws, protect rights, safety and property, and respond to lawful requests from public authorities (such as disclosing data in appropriate situations for national security or law enforcement purposes);
  • Subject to applicable law, in the event that Gartner is merged, sold, or in the event of a transfer of some or all of our assets (including in bankruptcy), or in the event of another corporate change, in connection with such a transaction, or for pre-transaction review in relation to such transactions.

Your personal information may be shared if we anonymize and/or aggregate it, as in these circumstances the information will cease to be personal information.

Utilization Information

We may share information with our organizational clients about how their employees use the resources available to them through the Services (e.g. how employees used certain features of the sites, utilization trends, which features were most popular with the member’s employees).

3. INTERNATIONAL TRANSFERS

Gartner is a global company and, as such, we may transfer personal information to other Gartner group companies or suppliers outside your home jurisdiction. Gartner will take all reasonable steps to ensure that personal information is protected and any such transfers comply with applicable law.

Gartner may transfer and maintain the personal information of individuals covered by this Notice on servers or databases outside the European Economic Area (EEA). Some of these countries may not have the equivalent level of protection under their data protection laws as in the EEA.

The countries to which we transfer data outside of the EEA may include any of the countries in which Gartner does business. A list of Gartner office locations can be found here.

All Gartner entities have signed an Intragroup Agreement containing the European Union ("EU") Commission Approved Standard Contractual Clauses for the transfer of data outside the European Economic Area. All Gartner entities have the same technical, physical, and administrative security controls and are required to comply with our data protection policies and procedures, applicable laws, and the terms of our client and member contracts governing the collection and use of information.

4. RETENTION PERIODS

We will retain your personal information for as long as required to perform the purposes for which the data was collected, depending on the legal basis for which that data was obtained and/or whether additional legal/regulatory obligations mandate that we retain your personal information. We may also retain personal information for the period during which a claim may be made in relation to our dealings with you.

In general terms, this will mean that your personal information will be kept for the duration of our relationship with you and:

  • the period required by tax and company laws and regulations; and
  • as long as it is necessary for you to be able to bring a claim against us and for us to be able to defend ourselves against any legal claims. This will generally be the length of the relationship plus the length of any applicable statutory limitation period under local laws.
5. CHOICES ABOUT YOUR INFORMATION

We believe it is important to give you choices about the use of your information. We will use your information as described in this Policy (or any other event- or service-specific Privacy Policy). If we want to use your information for a purpose not described in this Policy, we will first get your consent to do so.

Marketing Communications

We will respect your wishes not to receive marketing communications. You can change your marketing preferences by contacting us at the address here. If you gave us your email address to receive marketing communications, you can opt out at any time by using the unsubscribe links or instructions included at the bottom of our emails. Please note that we will continue to send you service-related communications regardless of any opt-out request. We will not sell or share your information or information with third parties (other than our subsidiaries or affiliates) for their own promotional or marketing purposes unless you give us consent to do so and where permitted by applicable law.

Members/Clients. If you are a Member or Client, you may tell us what kinds of communications you would like to receive by logging into your account and going to the Email Preferences tab under Settings.

IconoCommunities members. Participation in IconoCommunities is voluntary. If at any point you decide that you no longer with to be a member, you may send an email request to icsupport@cebglobal.com with the word "unsubscribe".

California Online Privacy Protection Act Notice Concerning Do Not Track Signals

Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. We do not recognize or respond to browser-related DNT signals, as the industry is currently working toward a common approach to responding to DNT. To learn more about Do Not Track, please click here.

6. DATA SUBJECT RIGHTS

You have certain rights, in certain circumstances, in relation to your personal information. A summary of each right and how an individual can take steps to exercise it is set out below. If you wish to exercise any of these rights, please contact us using the contact details specified above for the Data Protection Officer. Such requests should include appropriate identity verification information (such as your name, address, email address or other information reasonably required).

Where we receive a request to exercise one of these rights, we shall provide information on the action we take on the request without undue delay and in any event within one month of receipt of the request. This may be extended by a further two months in certain circumstances, for example where requests are complex or numerous.

The information will be provided free of charge, except where requests are manifestly unfounded or excessive, in particular because of their repetitive character. In these circumstances we may charge a reasonable fee or may refuse to act on the request. We will advise you of any fees prior to proceeding with a request.

We may ask for additional information to verify your identity before carrying out a request.

Where we do not carry out a request, we shall inform you without delay and within one month of receipt of the request, providing our reasons for not taking the action requested.

Right How you can exercise the right
Right to access and/or correct your personal information You have the right to access personal information we hold about you, as well as to be provided with a copy of the information (in most circumstances). You also have the right to correct any information we may hold about you that is inaccurate. In some cases, you may directly access your online profile and other personal details, and amend, update, or add to the information in your IconoIQ profile at any time by logging into your account on the IconoCommunities website.
Right to restrict use of your personal information You have the right to ask us to restrict processing of your personal information where one of the following applies:
  • The processing is unlawful but you want us to restrict use of the data instead of deleting it;
  • Where you contest the accuracy of your personal information, the restriction will apply until we have verified the accuracy or corrected your personal information;
  • We no longer require the personal information for the purposes of processing, but you still require us to keep it in connection with a legal claim;
  • You have exercised your right to object to the processing. The restriction will apply until we have taken steps to verify whether we have compelling legitimate grounds to continue processing.
Right to request deletion of your personal information You have the right to ask us to delete your personal information in certain circumstances.

There are also certain exceptions where we may refuse a request for erasure, for example, where the personal information is required to comply with a legal obligation or for the establishment, exercise or defense of legal claims.
Right to object to processing of your personal information You may also object to processing of your personal information in cases where we have used legitimate interests as the basis for processing. In such cases, we will stop processing your personal information until we verify that we have compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms in asking us to stop processing the data, or in limited cases where we need to continue processing the data for the establishment, exercise, or defence of legal claims.
Right to data portability In most cases, you have the right to receive all personal information you have provided to us in a structured, commonly used, and machine-readable format and to transmit this data to another data controller, where technically feasible.
Right to lodge a complaint with a supervisory authority If you object to our processing of your personal information, you have the right to complain to the data protection authority (“DPA”) in the country where you reside, where you work, or where an alleged infringement of data protection laws has taken place.
 
7. SECURITY

We have implemented administrative, technical, and physical security measures to help prevent unauthorized access. Despite these measures, no data transmission over the Internet can be entirely secure, and we cannot and do not guarantee or warrant the security of any information you transmit via the Services. Please note that you are responsible for maintaining the security of your credentials used to access the Services, and you must report suspected unauthorized activity to us.

We make efforts to restrict access to information to only those employees, contractors, and agents who need such access in order to operate, develop, improve, or deliver our programs, products, and services.

8. COOKIES AND SIMILAR TECHNOLOGIES

A cookie is a small text file which includes a unique identifier that is sent by a web server to the browser on your computer, mobile phone or any other internet enabled device when you visit an on-line site. Cookies and similar technologies are widely used to make websites work efficiently and to collect information about your online preferences. For simplicity, we refer to all these technologies as "cookies".

Some of our website pages may contain electronic images known as web beacons (also known as clear gifs, tags or pixels) that allow us to count users who have visited our pages. Web beacons collect only limited information, e.g. a cookie number, time and date of a page view, and a description of the page on which the web beacon resides. We may also carry web beacons placed by third party advertisers. These beacons do not carry any information that could directly identify you.

More detailed information on how we use cookies and other web technologies can be found here.

9. MISCELLANEOUS
 
9.1 Links

To provide increased value to you, we provide links to other websites or resources that are not part of the Services run by Gartner. We do not control these websites or their privacy practices, and any information you provide to these sites is subject to the Privacy Policies of those sites and not this Notice.

9.2 California Privacy Rights

Subject to certain limits under California Civil Code § 1798.83, California residents may request certain information regarding our disclosure of their personal information (as defined by California law) to third parties or their direct marketing purposes. To make such a request, please contact us as specified at the beginning of this Privacy Policy.

9.3 Changes to this Notice

From time to time, we may change and/or update this Notice. If this Notice changes in any way, we will post an updated version on this website. We recommend you regularly review this website to ensure that you are always aware of our information practices and any changes to such. Any changes to this Notice will go into effect on posting to this page.