GDPR Notice | iDeals Virtual Data Room

GDPR Notice

LAST UPDATED: September 25, 2023

iDeals group of companies* (hereinafter referred to as “iDeals”, “we” or “us”) is committed to protecting your privacy and handling your personal information in a transparent and secure manner. The personal data that we collect and process depends on how you use our site or the service you request from us and agree to in each case.

This privacy notice:

  • provides an overview of how iDeals collects and processes your personal data and tells you about your rights under the respective Applicable Data Protection Laws*,
  • is directed to natural persons who are either current or potential customers of iDeals, or are authorized representatives/agents of legal entities which are current or potential customers of iDeals (hereinafter referred to as “You”),
  • explains under what circumstances we may share your personal data with other members of iDeals Group and third parties (for example, our service providers or suppliers).

In this privacy notice, your personal data may be also referred to as “personal information”. Actions like collecting, handling, storing, sharing and erasing, etc. with respect to your personal data may generally be called “data processing”.

For the purposes of this notice, personal data shall mean any information by which You are or can be identified, such as your name, email, IP address, etc (hereinafter referred to as “Data”, “personal data” ).

Please note that if your company has a separate agreement with us (“Data protection agreement“), it will govern the processing of all information and data collected by us in connection with service provision, including some data collected through our site. Such agreement takes precedence over any conflicting provision in this privacy notice

1. How do we collect and process your personal data?

We collect and store the contact information you provide in registration forms or via online chat sessions at our website. We also collect information when you voluntarily complete customer surveys and provide feedback. We also use cookies to collect information about your activity at idealsvdr.com to analyze the efficiency of your interaction with our website.

We may also collect and process personal data which we lawfully obtain not directly from you but also from our partners or third parties e.g., companies that introduce or recommend you to us. For example, your contact information can be shared between several sales teams within iDeals due to your company’s business location.

We tend to request the least data possible to ensure the proper functioning of our platform and the set of features we offer.

If you are a customer of iDeals or an authorized representative/agent of a legal entity that is a customer, the relevant personal data we collect may include

  • Profile information: full name, company name, contact details (phone and email), title or work position.
  • Registration data: browser name and version (user agent), operating system type (macOS/Windows/Linux/etc.), IP address (based on this we detect city/country/timezone), language (from browser settings), and timezone (from browser/operating system settings and IP address).
  • Authentication data: username (email), password, and phone number (in case the 2FA is activated).
  • Payment Information: If You purchase a paid subscription from iDeals, we will collect payment information from you that may include your name, billing address, and a credit card or bank information. 
  • Call Recordings: iDeals may record and transcribe sales calls hosted on various videoconferencing technologies to enable iDeals sales and support teams to share conversational insights, create training and presentations, and improve their internal processes.
  • Other data arising from the performance of our contractual obligations including the mentioned personal data of all users invited into a virtual data room.

Notice!

Please be advised that we do not provide any services to children. We may hold personal data in relation to children only provided that our customer submits this information to the Virtual Data Room. For the purposes of this privacy notice, “children” are individuals who are under the age of eighteen (18).

In establishing and carrying out a business relationship, we generally do not use any automated decision-making. We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), in order to enter into or perform a contract with you, in the following cases: sending verification codes by text, etc.

2. Are you required to provide us with your personal data?

To proceed with a business relationship with our service, you have to provide your personal data necessary to let us commence the execution of a business relationship and the performance of our contractual obligations.

Kindly note that if you refuse to provide the required Data we will not be allowed to commence or continue our business relationship with you as our customer, or as the authorized representative/agent of a legal entity that is our customer.

  Provided that you have given us your specific consent for processing (other than for the reasons set out hereinabove) then the lawfulness of such processing is based on that consent.

 You have the right to revoke your consent for further processing at any time by contacting us via  privacy@idealscorp.com.

3. What is the legal basis for our processing of your personal data?

As mentioned prior we are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the Applicable Data Protection Laws for the following reasons:

Legal BasisClarification
1.For the performance of a contractWe process personal data in order to offer services based on contracts with our customers and to be able to complete the procedure so as to enter into a contract with prospective customers. The contract terms and conditions provide more details of the relevant purposes.
2.For compliance with a legal obligation As a service provider, we are subject to a number of laws, legal obligations and statutory requirements. Such obligations and requirements impose personal data processing activities on us for compliance with court orders, tax laws, other reporting obligations, etc.
3.For the purposes of safeguarding legitimate interests We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include:

  • Initiating legal claims and preparing our defense in litigation procedures,
  • Measures to manage the business and for further developing our products and services.

4. Who receives your personal data?

While performing our contractual obligations we may share your personal data with several departments within iDeals and other companies of the iDeals Group of companies. Some service providers and suppliers may also receive your personal data so that we are able to perform our contractual obligations. Such service providers and suppliers enter into contracts with iDeals by which they observe confidentiality and data protection requirements according to the Applicable Data Protection Laws.

It must be noted that we may disclose information about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorized under our contractual and statutory obligations, or if you have given your consent to do so. All data processors appointed by us to process customer data on our behalf are bound by contract to comply with the Applicable Data Protection Laws.

Under the circumstances referred to above, recipients of personal data may be, for example: supervisory and other regulatory and public authorities; external consultants, financial and business advisors; auditors and accountants; marketing operators; card payment processing companies; file storage companies, archiving and/or records management companies, cloud storage companies; companies who assist us with the effective provision of our services to you by offering technological expertise, solutions and support; website and advertising agencies.

Your personal data may be transferred to third countries, i.e. countries outside of the European Economic Area because we engage service providers from those countries. Our service providers (processors) in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with the respective requirement of local data protection law  and as instructed by iDeals.

Intra-group data transfers within iDeals Group of companies take place on the basis of the signed Data processing agreement.

To obtain information about third-party recipients of your personal data, please contact us via privacy@idealscorp.com.

5. How do we treat your personal data for marketing activities and whether profiling is used for such activities?

We may use your personal data to tell you about our products, services and offers that may be of interest to you or your business.

The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services or visit our site. We evaluate this information to focus our product developments and marketing activities on what we think can better meet your needs or what can be of interest for you. In some cases, profiling is done, i.e. we process your data automatically and analyze certain aspects of your personal data to provide you with targeted marketing information on our services.

We can only use your personal data to promote our services to you if we have your explicit consent to do so.

You have the right to object to the processing of your personal data for marketing purposes, which includes profiling at any time, by contacting us via privacy@idealscorp.com.

6. How long do we keep your personal information?

We store your personal data for a limited period of time, which varies depending on the type of data, the purposes of the processing, legal requirements, and the duration of the contractual or service provider relationship with iDeals. In any case, iDeals always follows the the principle of storage limitation described in the GDPR Article 5.

We will retain your data as long as your account remains active. 

You may exercise your right to be forgotten as described in the GDPR Article 17 and upon request, we can delete your data at any time. In such case,  please contact us via privacy@idealscorp.com

We may keep your data for longer if we cannot delete it for legal, regulatory, statistical, or technical reasons.

7. Where is my data stored?

The personal data that we collect from You may be stored on a mix of various cloud provider platforms and may be transferred to, and stored outside the European Economic Area (“EEA”).  It may also be processed by staff operating outside of the EEA who works for us, or for one of our suppliers. Where we do so, the third country’s data protection laws will have been approved as adequate by the European Commission or other applicable safeguards are in place.   

Where such transfers occur, we ensure the confidentiality and protection of all data is preserved through compliance with legal requirements and the Applicable Data Protection Laws. Data encryption, integrity and confidentiality are enforced by following best practice.

8. What about security?

Data security is our top asset and the primary competence much appreciated and relied on by our clients. All the data uploaded into the encrypted VDR cloud physically resides in ISO 27001, 27701 and SOC1, 2 & 3 compliant Tier-3 data centers (servers). Data centers act as data processors and all processing activities are performed automatically by iDeals’ computer scripts and only on servers protected by firewalls. Data centers’ personnel do not have access to our customers’ data since it is encrypted both at rest and in the transfer. iDeals’ customers act as data controllers, which means that they can delete the data uploaded into the VDR on their own or file a specific request with iDeals support team to erase and securely delete all the contents of their VDR.

As an exception, a customer who owns the data stored in the VDR cloud can turn to our technical specialists and grant them access to look into the structure of the VDR should they be experiencing any technical issues. The eligible specialist will be able to check the file’s details (but not the content) to look into the issue and fix it shortly. No one is eligible or able to access the contents data stored in the VDR.

9. What data protection rights do I have?

EU Privacy Standards and GDPR.

Exercising your data protection rights

If European Union (EU), UK or Swiss data protection law applies to the processing of Your personal information, you have certain rights, including the rights to access, correct, delete and export your Data, and to object to or request that we restrict processing of your Data.

Brazil Requirements.

If Brazilian data protection law applies to the processing of Your Data, you have certain rights, including the rights to access, correct, delete or export your Data, as well as to object to or request that we restrict processing of Data. You also have the right to object to the processing of Data.

Chinese Requirements.

If Chinese data protection law applies to the processing of Your Data, you have certain rights, including the rights to access to or rectification or erasure of Your Data and to restrict or object processing of your personal data, as well as the right to data portability. 

Hong Kong Requirements.

If Hong Kong data protection law applies to the processing of Your Data, you have certain rights, including the rights to access to or correction of Your Data and to restrict or object processing of your personal data. 

Ukrainian Requirements.

If Ukrainian data protection law applies to the processing of Your Data, you have certain rights, including the rights to access, correct, delete or export your Data, as well as to object to or request that we restrict processing of Data.

Our grounds for processing your Data mentioned in the “What is the legal basis for our processing of your personal data?” section above. 

To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us via email: privacy@idealscorp.com

You also have the right to complain to the Office of the Commissioner for Personal Data Protection or any other competent Supervisory Authority.

10. Are changes to this Notice possible?

We may modify or amend this privacy statement from time to time.

In case of any risk to your rights and freedoms, we will notify you appropriately when we make changes to this privacy statement and we will amend the revision date at the top of this page. We do however encourage you to review this statement periodically so as to be always informed about how we process and protect your personal information.

11. Data Protection Officer (DPO)

As part of our commitment to data protection, we have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection practices and ensuring that your rights as a data subject are respected.

Contact Information: 

If you have any questions, concerns, or requests regarding the processing of your personal data or your data protection rights, you can contact our Data Protection Officer using the following contact details:

privacy@idealscorp.com 

Your Communication with the DPO 

You can contact our Data Protection Officer if you have any questions, concerns, or requests related to your personal data or data protection. Whether you wish to exercise your rights as a data subject, inquire about our data processing activities, or seek clarification on our privacy practices, our DPO is here to assist you.

12. Frequently asked questions.

To help you understand the basic principles of this Notice and address some of the common questions that arise with regard to the protection of your personal data according to this Notice, please refer to the FAQ page. 

* What does it mean ?

  • iDeals group of companies means the below companies:
  • iDeals Holding Limited (Malta)
  • iDeals Solutions Operations Limited (Malta)
  • iDeals Group Holding Limited (UK)
  • Dealigence Inc. (USA)
  • iDeals Solutions Group Limited (UK)
  • iDeals Do Brasil Servicos De Informacao Ltda (Brazil)
  • iDeals Business Technology Solutions (Shanghai) Co., Ltd. (China)
  • iDeals Solutions APAC PTY LTD (Australia)
  • iDeals Solutions Limited (Hong Kong)
  • iDeals Solutions Group  Limited (Hong Kong)
  • iDeals Solutions Germany GmbH (Germany)
  • “VDR SERVICE” LLC (Ukraine)
  • iDeals Solutions Spain, S.L. (Spain)
  • iDeals Poland sp. z o.o. (Poland)
  • iDeals Group GmbH (Switzerland)
  • Applicable Data Protection Laws means the relevant local data protection laws and the General Data Protection Regulation – Regulation (EU) 2016/679 (GDPR)) to the extent applicable, as amended from time to time

If you still have questions or need more detailed information on the GDPR please do the next steps:

а) see our privacy policy,

b)  contact us via privacy@idealscorp.com,

c) visit the European Commission official website.