Privacy Statement
ICF International, Inc. and its affiliates, subsidiaries, trusted business partners or alliances, agents, subcontractors, third-party vendors or newly acquired companies (collectively, “ICF,” "we", "us" and "our") is a privacy-conscious organization and strongly committed to respecting, protecting and processing personal data responsibly in compliance with applicable data protection laws and this Privacy Statement.
This Privacy Statement and its sub-pages describe our general privacy and data processing practices, where we collect personal data gathered (1) through use of our websites or mobile apps that post, display, or link to this Privacy Statement (“Sites”), (2)通过从发布或链接本隐私声明的移动设备访问的可下载应用程序(“移动应用程序”), (3) from individuals who engage regarding our or our clients services or individuals within our clients’, business partners’, suppliers’ and other organizations with which we have or contemplate a business relationship (“Services”), or (4) by any other mode of interacting with you relating to our communications, such as online or offline newsletters and magazines (“Communication”) as referenced in this Privacy Statement.
This Privacy Statement also explains the choices and rights individuals have regarding their personal data. We also have implemented global policies, along with standards and procedures, as part of our Global Data Protection & ePrivacy Program for our consistent handling, sharing, and protecting personal data. Some of our other websites may include additional or different privacy statements, and if a different privacy statement applies, we will disclose this to you.
ICF may process personal data when providing services under client assignments. In such instances, personal information is collected and processed in accordance with the client privacy policies, not this statement. The relevant client organization privacy statement will describe the collection, handling, rights associated with your processing of personal data and client organization contact details.
This Privacy Statement covers the following areas:
1. Information collection
1.1 We may collect information, including personal data, that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with our existing or potential employees, clients, client constituents, or customers, business contacts, strategic alliances, suppliers, shareholders, and Site users.
1.2 Generally, we collect the below-mentioned information and personal data categories. If the data we collect is not listed in this Privacy Statement, we will give individuals, when required by law, appropriate notice of which other data will be collected and how they will be used.
| Category | Examples | Collected |
|
Information and personal data collected directly |
||
| A. Identifiers |
|
Yes |
| B. Professional or employment-related information |
|
Yes |
| C. Commercial information |
|
Yes |
| D. Personal information inferences |
|
Yes |
| E. Sensitive, special treatment, or protected characteristics |
We do not usually seek to collect the below sensitive personal data through this Site or from users. In the limited situations that we collect sensitive personal data, we will obtain your explicit consent before we collect, use, or otherwise process the below sensitive personal data in accordance with applicable data protection and ePrivacy regulatory requirements
|
Yes |
| F. Non-public education information |
|
Yes |
| G. Inferences drawn from other personal information |
|
Yes |
|
Automatically-collected information |
||
| F. Computer, network, or Internet activity |
|
Yes |
| G. Geolocation |
|
Yes |
| H. Cookies or similar activity |
|
Yes |
| I. Mobile information |
Please see the below “Cookies, beacons and other technologies”, Section 7, or our Cookie Policy for more information. |
Yes |
| J. Email traffic |
|
Yes |
| Other sources – collected information: | ||
| K. Social network information |
|
Yes |
| L. Joint marketing information |
|
Yes |
| M. Publicly available information |
|
Yes |
1.3 Except for certain information that is required by law, your decision to provide any personal data to us is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide us with your personal data. However, please note that if you do not provide certain information, we may not be able to accomplish some or all of the purposes outlined in this Privacy Statement, and you may not be able to use certain tools and systems which require the use of such personal data.
1.4 Personal data excludes: publicly available information from government records, deidentified or aggregated information, and automated non-identifiable data that cannot be linked back to an individual.
2. Information sources
2.1 Personal data may be collected either directly from you or indirectly from certain third parties (e.g., affiliates, public authorities, public websites, and social media, suppliers, and vendors) when you:
- a. access our Services.
- b. provide personal data by filling in Site forms (e.g., registering an online account, subscribing to Services, newsletters and alerts, registering for a conference, or requesting further information).
- c. submit our online forms or communicate with us by email.
- d. submit reviews or participate in surveys.
- e. upload or post any comments or other content to our Sites, on social media, or blogs.
- f. interact with us on social media.
- g. sign up for our mailing lists, register for events we host or sponsor, submit information as part of certain online Services, or otherwise provide us information through the Sites.
- h. participate in a prize promotion or contest, or related event.
- i. use the Site for online career resources.
- j. are an individual employee or constituent of our clients and other companies with which we have an existing business relationship.
- k. have information on public sources, including, for example, content made public on social media websites.
3. Purposes, legal basis, and use
3.1 We may use, 只有在下列一个或多个主要法律依据和特定商业目的理由存在的情况下,我们才会出售或披露我们收集的个人资料.
| Our Processing Purposes | Our Legal Basis |
| Consent. | Where you have consented in a documented manner to our processing of your personal data. |
| Performing under our contract with you. | To fulfill your request for orders, support, or Services under an existing or potential contract with you; facilitate you conducting business with us or perform a transaction with you; contact employees of our clients, partners and suppliers. For example, where a transaction involves our suppliers or strategic alliances, this may include sharing information with other parts of ICF, ICF's business partners or alliances, clients, financial institutions, and postal or government authorities involved in fulfillment (subject to any confidentiality obligations that may exist). It also may be used to administer and develop our relationship with you. |
| Managing and internally coordinating our relationship with our clients and business contacts | Automated review of email traffic, frequency, and patterns to facilitate and coordinate our relationship with you and provide you with information or Services; improve our relationship management insights and capabilities; help ensure business continuity in the event of ICF staffing changes; and enhance data accuracy. (Should you wish to opt-out of this feature, please contact us through the methods identified below). |
| Facilitating communication with you to provide you with information or Services requested by you. | Facilitating communication with you to provide you with information or Services requested by you. |
| General business management and operations. | To ensure the proper functioning of our business operations and administration of our general business, accounting, record-keeping, and legal functions. |
| Monitoring your use of our systems (including monitoring the use of our Site and any apps and tools you use). | 监控用户在我们系统上的活动,以确保用户遵守适用的法律法规,并没有进行对我们的声誉有负面影响的活动. |
| Social media environment. | To enable online sharing and collaboration among members who have registered to use them; protect our and/or our client assets and our brand on social media; understand sentiment, intent, mood and market trends and our stakeholders’ needs to improve our Services through key-word searches, conversation stream monitoring and analysis; and gain insights in conversation trends over a specified period, but not to identify an individual. |
| Protecting or improving the security and functioning of our Site, networks and information. | To ensure that you receive an excellent user experience and/or maintain the safety, security, and integrity of our Site, Services, information, tools, systems, databases, and other technology assets and business. |
| Audit the downloading of information or documents from our Site. | To get to know our Site visitors’ preferences better and improve services accordingly. |
| Analytics and improving our Sites. | To better understand how users access and use our Sites and Services, and for research analytical purposes to evaluate our Services; ensure the proper functioning of our business operations; improve our Services, business operations, develop services and features; and provide a better user experience. |
| Anonymous and de-identified information. | To assess, improve and develop our business, products, and services, and for similar research and analytics purposes. |
| Historical, statistical, or scientific research and development. | To analyze personal data in order to better understand historical, statistical, or scientific trends subject to appropriate data protection safeguards. |
| Online account registration or administration. | To administer online accounts as part of a contract, authenticate your account and keep it - and our services – secure; enable certain account features; customize your view of the Site or tailor or personalize the information you receive from us; register you for a service or program; or help prevent spam, fraud, and abuse. |
| Marketing communications. | To keep you informed about our Services, updates, offers, events, programs, products, tools, and solutions by post, email, SMS, phone, and fax; develop aggregate analysis and business intelligence and, where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. 我们将提供退订或退出发送给您的任何电子营销通信的选项,您也可以根据下文第14条的规定与我们联系,选择退出. |
| Event, conference, or similar communications (unless you objected to such processing). | Facilitate your participation in your requested private or public forum, event or conference. |
| Contest or prize administration. | To fulfill or meet the reason you provided information as part of your participation in prize promotions, contests, and other promotional offers that we administrate. |
| Content creation / production activities. | To use your personal data for video, TV, film, marketing, advertising, or other related content creation, production, and distribution activities where you are involved with our content / production activities based on prior consent and model releases. |
| Recruitment. | To ensure that we recruit appropriate employees, send relevant information about careers and opportunities, and analyze the effectiveness of our recruitment efforts and resources in connection with a job application or inquiry. More information about how we may use your data during the recruitment process will be provided as part of the recruitment process. |
| Managing our employment contract or relationship with you. | To initiate or take steps at the request of our employees before entering into a contract; ensure contract execution; and assess the performance of, or terminating an employment contract to which our employees are a party. |
| Automated Processing of Employee Data. | 如果自动处理涉及我们的雇佣关系,或者自动化评估敏感个人资料是人员选择的一部分, in compliance with legal requirements and established corporate protocols. |
| Vital interests. | To protect the vital interests of any natural person or ensure proper communication and emergency handling within our organization. |
| Complying with legal obligations. | To comply or fulfill our legal obligations (e.g., law or legal proceedings, employment, labor, tax, or similar legal requirements). |
| Law enforcement requests and harm prevention. | To comply with a law, regulation, legal process, order of a court or by any rule of law or governmental request; protect the safety of any person; protect property or the rights or property of those who use our services; prevent or detect crime; apprehend or prosecute offenders. However, nothing in this Privacy Statement is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your personal data. |
| Protect our legal rights and prevent misuse. | To protect the Sites and our business operations; to enforce our Terms of Use; to prevent and detect fraud, unauthorized activities and access, and other misuse; establish, exercise or defend legal claims; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party; or violations of our Terms of Use or this Privacy Statement. |
| Investor Relations. | To provide shareholders with necessary or useful services with respect to their investment, such as record keeping, processed trades, and mailing information; and send shareholders company relevant information such as invitations to the annual general meeting, annual reports, proxy statements, or other information about the company. |
| Affiliates and Change of Ownership. | To facilitate a merger, acquisition, reorganization, sale of assets, or similar function. |
3.2 Where the above table states that we rely on our legitimate interests for a given purpose, it is our understanding that our legitimate interests are not overridden by your interests, rights or freedoms, given (i) the transparency we provide on our data processing activities, (ii) our data protection by design and default approach, (iii) our routine data protection reviews, and (iv) the rights you have in relation to our data processing activities.
3.3 We will process your personal data for the above-referenced purposes based on your prior consent, to the extent such consent is mandatory under applicable laws.
3.4 To the extent you are asked to click on/check "I accept", "I agree" or similar buttons/checkboxes/functionalities in relation to a privacy statement, we will consider this step as you providing your consent for us to process your personal data, only in the countries where such consent is required by regulations. In all other countries, such action will be considered as a mere acknowledgment. The legal basis of the processing of your personal data will not be your consent but any other above-applicable legal basis.
3.5 We will not collect or use additional personal data categories we collect for materially different, unrelated, or incompatible purposes without providing you notice or, as applicable, your consent; unless it is required or authorized by law, or it is in your own or another person’s vital interest (e.g. in case of a medical emergency) to do so.
4. Data recipients
4.1 Personal data collected in the course of our activities, including in connection with some client services, as well as on the Sites may be shared with:- a. our subsidiaries or affiliates, clients, and strategic alliances on a need-to-know and authorized basis.
- b. our trusted suppliers or service providers, professional advisors, 或其他第三方,在需要知道和授权的基础上,为获得此类访问的目的所必需,并与现有或潜在的公司或商业交易有关. For example, to provide services related to the Sites, our business activities, including in connection with some client services, in the manner agreed upon in our client services agreements, or supporting our interactions with you, including, for example, processing recruitment materials, administering surveys or contests, or communicating with you. When disclosing personal data to third parties, 我们考虑到第三方的数据处理流程,并要求这些第三方维护隐私和安全流程,以确保其个人数据处理活动符合本隐私声明并保障机密性, availability, and integrity of personal data they process on our behalf.
- c. with prospective or actual purchasers, or sellers on a need-to-know and authorized basis in the event of a sale, merger, joint venture, reorganization, assignment, or other transfer or disposition of all or any portion of our business. It also is our practice to require appropriate protection for personal data under each commercial transaction.
- d. with government agencies pursuant to a judicial proceeding, court order, or legal process.
4.2 We may make certain non-personal data available to third parties for various purposes, including for business or marketing purposes or to assist third parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and functionality available through the Service. 我们不会有意披露(并会采取合理步骤防止未经授权或意外披露)您的个人资料予任何第三方作直接促销用途.
5. International transfers
5.1 As a global organization offering a wide range of Services, with business processes, management structures and technical systems that cross borders, 我们的某些披露可能涉及将个人数据转移到当地法律赋予您的权利可能少于您在自己国家/地区的国家或地区. 我们设计了本隐私声明和我们的实践,为世界各地的个人数据提供全球一致的保护水平. This means that before we transfer personal data to those areas, 我们将采取必要的措施,确保您的个人数据得到适用的数据保护要求的充分保护, the below Section 11.2 (“EEA, Switzerland, and UK special notices”) and our Global Data Protection framework.
6. Direct marketing
6.1 As noted, we may send periodic promotional emails to you, and where required by law, we will obtain your consent to do so. 您可根据电子邮件或第14条中的退出指示,随时选择退出此类通信. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any Services you have requested or received from us.
7. Cookies, beacons, tags, and other technologies
7.1 We use cookies, 我们网站上的网络信标和其他技术,以便收集上述第1条“自动收集的信息”中所述的信息.2, and also to remember your settings and for authentication.
- a. Cookies. Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site, while others are used to enable a faster log-in process or to allow us to track your activities while using our Site. Most web browsers automatically accept cookies, but, if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.
- b. Clear GIFs, pixel tags, and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer's hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs, or pixel tags), in connection with our services to, among other things, track the activities of users of our services, help us manage content, and compile statistics about usage of our services. We and our third-party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, to identify when our emails are viewed, and to track whether our emails are forwarded.
- c. Log files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and Internet browser type and version. This information is gathered automatically and stored in log files.
- d. Third party analytics. We also use automated devices and applications, such as Google Analytics (more info here) to evaluate the use of our services. We use these tools to gather non-personal data about users to help us improve our services and user experiences. These analytics providers may use cookies and other technologies to perform their services, and may combine the information they collect about you on our Sites with other information they have collected for their own purposes. This Policy does not cover such uses of data by third parties.
- e. Global Privacy Controls (GPC). While older "Do Not Track" initiatives are not currently recognized by Our Site, it does respond to GPCs. For more information about GPCs, please click here. Please see our Cookie Policy for more information.
7.2 You can manage the use of cookies through your browser. You may still use our Site if you reject cookies, but it may limit your ability to use some areas of our Site or otherwise diminish your experience of the Site. You can learn more about cookies at our Cookie Policy.
8. Third-party websites and links
8.1 我们的网站可能包含第三方网站的链接或嵌入第三方应用程序,这些第三方网站受其自己的条款和隐私声明管辖. We may provide links to these third-party sites for your convenience and informational purposes only. For example, 这些链接可能允许您与您可能拥有帐户的网站(如Facebook和其他社交媒体网站)进行互动,或在允许您登录的网站上加入社区, post content, or join communities from our Sites.
8.2 Third-party apps and websites have their own privacy statements and disclosures, which we encourage you to read before interacting with such third-party websites or providing information on or through them. If you follow a link to any of those third-party websites, please note that we do not accept any responsibility or liability for their policies, or processing of your personal data. ICF is not responsible for the content, accuracy of, 或由非ICF或代表ICF运营的任何第三方链接网站设置的cookie,或用于此类第三方网站中包含的任何其他链接. 包含非ICF所有网站的任何链接并不代表ICF对该网站或其内容或准确性的认可,也不意味着第三方网站上表达的观点代表ICF的观点或意见.
8.3 ICF assumes no responsibility or liability for any links to our Sites from another party's website. You may post a link to any portion of the Site without prior written permission. However, 任何此类链接不得使用框架技术或以任何方式表示本网站或其内容与另一个组织相连. In addition, you may not use any meta tags or hidden text in your website that incorporate the ICF name or the names of any ICF affiliate, subsidiary, business, program, or service.
9. Children’s privacy protection
9.1 ICF is committed to protecting children's privacy online.
9.2 Our Sites are not intentionally designed for or directed at children under the age of 13 in the U.S. and 16 in California or EEA, and require no such information be submitted to us. ICF will not knowingly or intentionally collect, store, use, or share, personal data of children anyone children under the age of 13 in the U.S. and 16 in California or EEA without prior documented parental or guardian consent.
9.3 If you are under the age of 13 in the U.S. and 16 in California or EEA, please do not provide any personal data, even if prompted by the Site to do so. If you are under the age of 13 in the U.S. and 16 in California or EEA and you believe you have provided personal data to us, please ask your parent(s) or guardian(s) to notify us and we will delete all such personal data.
9.4 If we become aware that we have inadvertently received personal data from a user under the age of 13 in the U.S. and 16 in California or EEA, we will delete these data from our records.
10. Additional information for California residents
In addition to the information provided in this Privacy Statement, the below information applies if you are a California resident.
10.1 Disclosures of California Residents’ Personal Information for a Business Purpose. In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:
| Categories | Disclosed |
| A. Identifiers | Yes, to affiliates, service providers, and other vendors |
| B. Personal information categories listed in the California Customer Records Statute (available here) | Yes, to affiliates, service providers, and other vendors |
| C. Protected legal characteristics | Yes, to affiliates, service providers, and other vendors |
| D. Commercial information | Yes, to affiliates, service providers, and other vendors |
| E. Biometric information | No |
| F. Internet activity | Yes, to affiliates, service providers, and other vendors |
| G. Geolocation data | Yes, to affiliates, service providers, and other vendors |
| H. Sensitive Personal Information | Yes |
| I. Audio, electronic, visual, thermal, olfactory, or similar information | Yes, to affiliates, service providers, and other vendors |
| J. Employment or professional information | Yes, to affiliates, service providers, and other vendors |
| K. Non-public education information | Yes, to affiliates, service providers, and other vendors |
| L. Inferences about personal preferences and attributes drawn from profiling or other personal information (e.g. via cookies) | Yes, to affiliates, service providers, and other vendors |
10.2 Sales of Personal Information. Please note that we don’t sell (as “sell” is traditionally defined) your personally identifiable information to anyone else. However, we may use personal information in a manner, such as for cross-context behavioral advertising, which constitutes a “sale” under California’s CCPA. For an overview of your rights, please see section 14 below.
10.3 Information excluded from the CCPA's scope, like:
- a. 《明升m88备用》(HIPAA)和《明升m88备用》(CMIA)涵盖的健康或医疗信息或临床试验数据;
- b. personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
11. EEA, Switzerland, and UK residents’ special notices
In addition to the information provided in this Privacy Statement, the below information applies if you are located in the EEA, Switzerland, or UK.
11.1 In addition to the information provided in this Privacy Statement, where we transfer personal data from inside the European Economic Area (EEA) to outside the EEA, we are required to take specific measures to safeguard the relevant personal data.
11.2 Unless you are otherwise notified, 将您的个人数据从欧洲经济区(EEA)内转移到欧洲经济区以外的第三方,将基于适用的数据保护法规, an adequacy decision (see the full list here ), or are governed by the model contractual clauses approved by the EU Commission, 或其他司法管辖区的类似合约条款,为个人资料提供适当的保障及足够程度的保护. This includes transfers to suppliers or other third parties. You can request a copy of the EU model contractual clauses here. 您的个人数据的任何其他非欧洲经济区相关的转移将按照适当的国际数据转移机制和标准进行.
11.3 如果您希望查看适用于导出您的个人数据的具体保障措施的副本或获取我们的数据保护政策的副本,请按照下文第16条的规定与我们联系.
11.4 For data subject requests (DSR), we kindly ask you to contact us through the methods identified below.
12. Retention
12.1 We retain relevant personal data in each category identified in Section 10.1 only as long as necessary to meet the criteria outlined in above Section 1.2.
| Categories | Retention Period |
| A. Identifiers | Only as long as necessary to meet the criteria outlined in 1.2 |
| B. Personal information categories listed in the California Customer Records Statute (available here) | |
| C. Protected legal characteristics | |
| D. Commercial information | |
| E. Biometric information | |
| F. Internet activity | |
| G. Geolocation data | |
| H. Sensitive Personal Information | |
| I. Audio, electronic, visual, thermal, olfactory, or similar information | |
| J. Employment or professional information | |
| K. Non-public education information | |
| L. Inferences about personal preferences and attributes drawn from profiling or other personal information (e.g. via cookies) |
12.2 We retain personal data about unsuccessful candidates/applicants for 12 months following submission in the U.S., Canada, and Brazil, and for 6 months in Europe and Asia.
13. Personal data accuracy, privacy, and security
13.1 We intend to maintain personal data accuracy, completeness, current status, and security. In the event of changes in your personal data, you may inform us to make sure that our information is up-to-date.
13.2 We implement commercially reasonable physical, administrative and technical safeguards to help us protect the confidentiality, security, and integrity of your personal data and prevent the loss, misuse, unauthorized access, unauthorized interception, or information alteration. For example, ICF takes appropriate measures to make sure that the personal data you provide is stored on computer servers in controlled, secure environments.
13.3 All of our partners, employees, consultants, workers, and data processors (i.e., those who process your personal data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of such personal data.
13.4 Your choice to disclose personal data in an email submission or online form is voluntary. Unfortunately, no data transmission over the Internet is 100% secure. While we strive to protect your personal data, 我们无法保证或保证任何此类个人数据的安全性,也无法完全确保您的私人通信和其他个人数据不会被ICF或其业务合作伙伴无意中披露给第三方, agents, subcontractors, or other third-party vendors. Although we take commercially reasonable precautions to maintain the security of our Sites and servers, third parties may unlawfully intercept or access transmissions or private communications.
14. Your rights and choices
14.1 Global Data Subject Rights
Laws across the globe grant individuals certain rights in connection with our data processing. These rights are identified in the table 14.7. together with a non-exhaustive explanation.
Please note that legal conditions, exceptions, or limitations apply to your rights (e.g., to protect third parties or trade secrets or due to our professional obligation of confidentiality). We reserve the right to redact copies or to supply only excerpts for reasons of data protection or confidentiality.
ICF complies with localized legal requirements for your personal data. Even if you do not see your own region listed in this section, 如果您希望行使您的权利,请联系ICF的数据保护团队,我们将根据适用法律响应您的请求.
Before we respond to a request, 我们可能会采取某些步骤,并要求提供我们认为必要的额外信息,以确定您的身份和您的请求的真实性.
To make an inquiry or to exercise your rights, please use our Data Subject Request Form or contact us via one of the methods identified below.
14.2 U.S. Residents of Certain States
U.S. Residents of California (CL), Colorado (CO), Connecticut (CT), Nevada (NV), Oregon (OR), Utah (UT), Texas (TX), and Virginia (VA), have certain specific rights regarding their personal data. Depending on your state of residence, these rights may differ. Please see the table contained within Table 14.7 to see what rights you may have.
a. 如果下列任何例外情况需要我们为我们或我们的服务提供商保留信息,我们可能会拒绝您的删除请求:- - Complete the transaction for which we collected the personal data, provide Services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- - Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- - Debug products to identify and repair errors that impair existing intended functionality.
- - Exercise free speech, ensure the right of other individuals to exercise their free speech rights, or exercise another right provided for by law.
- - Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- - Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, 如果您事先提供了知情同意,删除信息可能会使研究成果无法实现或严重损害研究成果.
- - Enable solely internal uses that are reasonably aligned with individual’s expectations based on your relationship with us.
- - Comply with a legal obligation.
- - Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- b. If you are a resident of California, Colorado, Connecticut, Nevada, Utah, or Virginia, and wish to exercise your consumer rights, please contact us through the methods identified below or by visiting Do not sell my personal information | ICF. Please note that we don’t sell (as “sell” is traditionally defined) your personally identifiable information to anyone else. However, we may use personal information in a manner, such as for cross-context behavioral advertising, which constitutes a “sale” under California’s CCPA.
14.3 EEA, UK, and Switzerland (CH) residents
a. Individuals located in the EEA, UK, and Switzerland have additional specific rights regarding their personal data as detailed below in Table 14.7. This section describes your rights and explains how to exercise those rights.
14.4 Residents of Canada (CA), including Quebec (QC)
a. Individuals located in Canada have additional specific rights regarding their personal data as detailed below in Table 14.7. This includes additional rights granted to Canadian residents of Quebec. This section describes your rights and explains how to exercise those rights.
14.5 Residents of India (IN)
a. Individuals located in India have specific rights regarding their personal data, as identified below in Table 14.7. This section describes your rights and explains how to exercise those rights.
14.6 Residents of China (PRC)
a. Individuals located in China have specific rights regarding their personal data, as identified below in Table 14.7., subject to certain exceptions as provided by Chinese laws. If you wish to exercise any of your rights under the PIPL, please contact us. Unless you have arranged otherwise, in the event of your death, a close relative may exercise these rights to your personal information.
14.7 Table of Applicable Rights
| Categories | Rights | Applicable Regions |
| Access (to know or be informed). | If you ask us, we will confirm whether we are processing your personal data and, if necessary, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee. | CL, CO, CT, OR, UT, TX, VA |
| CH, EEA, UK | ||
| CA, QC | ||
| IN, PRC | ||
| Correction (rectification). | If the personal data we hold about you is inaccurate or incomplete, you are entitled to request to have it corrected. If you are entitled to have the information corrected and if we have shared your personal data with others, we will let them know about the rectification where possible. If you ask us, we will also tell you, where possible and lawful to do so, with whom we have shared your personal data so that you can contact them directly. | CL, CO, CT, OR, TX, VA |
| CH, EEA, UK | ||
| CA, QC | ||
| IN, PRC | ||
| Erasure (deletion). | You can ask us to delete or remove your personal data in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, we will also tell you, where it is possible and lawful for us to do so, with whom we have shared your personal data with so that you can contact them directly. | CL, CO, CT, UT, VA |
| CH, EEA, UK | ||
| CA, QC | ||
| IN, PRC | ||
| Restrict (block) Processing. | You can ask us to restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal data or you object to us. If you are entitled to restriction and if we have shared your personal data with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, we will also tell you, where it is possible and lawful for us to do so, with whom we have shared your personal data so that you can contact them directly. You also have the right to decide on the processing of your Personal Information (PRC). | CA |
| CH, EEA, UK | ||
| QC | ||
| PRC | ||
| Restrict the Sale or Sharing. | You have the right to opt-out of the sale or sharing, as defined under the applicable privacy law, of your personal information. | CL, CO, CT, OR, NV, UT, TX, VA |
| QC | ||
| Data Portability. | You have the right, in certain circumstances, to receive a copy of personal data we've obtained from you in a structured, commonly used and machine-readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice. | CL, CO, CT, VA |
| CH, EEA, UK | ||
| QC | ||
| PRC | ||
| Automated Decision-making and Profiling. | You have the right not to be subject to a decision when it's based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us. | CL, CO, CT, OR, TX, VA |
| CH, EEA, UK | ||
| QC | ||
| PRC | ||
| Withdraw Consent. | If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. However, this does not affect the lawfulness of the processing before consent was withdrawn. | CL, CO, CT, VA |
| CH, EEA, UK | ||
| CN, QC | ||
| IN, PRC | ||
| Lodge a complaint with the Supervisory Authority. | If you have a concern about any aspect of our privacy practices, including the way we've handled your personal data, you can report it to the relevant supervisory authority. | CL, CO, CT, OR, UT, TX, VA |
| CH, EEA, UK | ||
| QC | ||
| Shine the Light Request. | This is an additional type of access right is available to California residents. 您也可能有权要求我们向您提供(a)我们在前一个日历年度为直接营销目的向第三方披露的某些类别的个人信息的列表,以及(b)这些第三方的身份. | CL |
| Non-discrimination. | You have the right to not be discriminated against for exercising your privacy rights. | CL, CO, CT, VA |
| CH, EEA, UK | ||
| QC | ||
| Appeal the denial of a DSR. | You have the right to appeal Our denial of your request to exercise your rights under the applicable privacy law. | CL, CO, CT, VA |
| CH, EEA, UK | ||
| QC |
14.5 Exercising Access, Data Portability, and Deletion Rights
- a. General. You may, at any time, exercise your right to decline to supply certain information while using our Sites. Please bear in mind that you, however, may not be able to access certain content or participate in some features on our Sites. If you tell us that you do not want us to use your information to make further contact with you beyond fulfilling your request, we will respect your wishes.
- b. Marketing. You may, at any time, exercise your right to prevent us from sharing marketing materials with you by checking certain boxes on our forms, utilizing the unsubscribe or opt-out mechanisms in the emails we send you, indicating so when we call you, or use our Data Subject Request Form. For best results, please forward a copy of the mailing you received from ICF. In such cases, we will retain minimum personal data to note that you opted out in order to avoid contacting you again.
- c. Newsletters, messages, and mailings. 如果您订阅了一份或多份我们的通讯,或通过电子邮件或邮政邮件收到ICF的信息,并希望修改或取消这些邮件, please follow the instructions in the mailing, send an email to dataprotection@eivissaluxury.com, or use our Data Subject Request Form. For best results, please forward a copy of the mailing you received from ICF. In such cases, we will retain minimum personal data to note that you opted out in order to avoid contacting you again.
- d. Cookies. If you want to remove existing cookies from your device, you can implement those steps by using your browser options. If you want to block future cookies being placed on your device, you can change your browser settings to do this. When you review your browser settings or options, you can identify the ICF cookies in the name. Unless you have adjusted your browser settings to block cookies, our system will issue cookies as soon as you visit our Sites or click a link in a targeted email we have sent you, even if you have previously deleted our cookies. 请记住,删除和阻止cookie将对您的用户体验产生影响,因为本网站的某些部分可能不再工作. For more information on managing cookies, see www.allaboutcookies.org/manage-cookies.
- e. Data Subject Access Requests. You may exercise your rights to access, data portability, and deletion rights by using one of the contact methods indicated below.
- f. Legitimate Interest or Legal Obligation Exceptions. 请注意,如果我们有压倒一切的合法利益或法律义务继续处理个人数据,则上述某些权利可能会受到限制, or where the personal data may be exempt from disclosure due to applicable law.
Further information about how you can exercise your rights, including your right to appeal our decision in regards to a consumer right’s request:
| U.S. residents of certain states | Individuals located in EEA, Canada, Switzerland, or UK |
| A. Who may make a request. Residents of the regions identified in Table 14.7 or those authorized to act on their behalf may make a verifiable DSAR related to their personal data. For example, an authorized representative can be a parent making a request on behalf of their child.
Note for US residents: You may only make a verifiable DSAR for access or data portability twice within a 12-month period. |
|
| B. How you may make a request. 您或您的代表有权通过使用本页底部所示的方法与我们取得联系,行使适用于您的任何权利. Please note that these rights may be subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will carry out your request (and, when applicable, direct our service providers to do so as well), unless an exception applies. However, selecting this option may prevent you from receiving Services, receiving program or similar updates, or accessing certain Site features.
注:上述美国各州的居民或正式授权代表其行事的居民可通过点击以下“请勿出售我的个人数据”按钮要求我们不出售他们的个人数据. 加州居民也可以通过点击下面的“限制使用我的敏感个人信息”按钮,要求我们限制使用他们的敏感个人信息. However, selecting these options may prevent you from receiving Services, receiving program or similar updates, or accessing certain Site features. |
|
| C. Response Timing and Format. We endeavor to respond to a verifiable consumer request within: | |
| 45 days of its receipt for residents of the US states identified above. Any disclosures we provide will only cover the 12-month period preceding the verifiable DSAR receipt. | 30 days for individuals located in EEA, Quebec, Switzerland, or UK. Any disclosures we provide will cover appropriate time frames under applicable regulatory requirements. |
| If we require more time to respond to a DSAR, we will inform you of the reason and extension period in writing before the required response time. If you have an account with us, we will deliver our written response to the registered email associated with the account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response also we provide will explain the reasons we cannot comply with a request, if applicable. For data portability requests, 我们将选择一种易于使用的格式来提供您的个人资料,并应允许您将信息不受阻碍地从一个实体传输到另一个实体. | |
| D. DSAR Fees | |
| We do not charge California, Colorado, Connecticut, Utah, Virginia, or other residents a fee to process or respond to verifiable DSAR unless it is excessive, repetitive, or manifestly unfounded. | We do not charge individuals located in EEA, Quebec, Switzerland, 处理或回应可核实的DSAR的费用,除非费用过高或明显没有根据,以保证支付“合理费用”来支付我们遵守要求的行政成本 |
| If we determine that a DSAR warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing the DSAR. | |
| E. Verified DSAR. 如果我们无法核实您的身份或提出要求的权限,并确认个人资料与您有关,我们将无法回应dsr或提供相关的个人资料. Making a verifiable DSAR does not require you to create an account with us. We will only use personal data provided in a verifiable DSAR to verify the requestor’s identity or authority to make the request. | |
| F. Non-Discrimination. We will not discriminate against any individual for exercising any of their respective DSAR rights. Unless permitted by law, we will not deny you the use of our Services or provide you with a different level or quality of Services . | |
| G. Appeals. Where applicable law applies, you may appeal the denial of their DSAR by contacting us as detailed below. | |
15. Notification of our privacy statement changes
15.1 We may make changes to this Privacy Statement from time to time, to reflect changes in our practices. We also may make changes as required to comply with changes in applicable law or regulatory requirements. Where we materially change this Policy, we will take steps to notify you (such as by posting a notice on the Site or via email), and where required by applicable law to obtain your consent.
16. Privacy questions and how to contact us
16.1 Please use our Data Subject Request Form or contact us through one of the methods identified below if you:
- a. have questions about this Privacy Statement or how we process or protect your personal data.
- b. have questions regarding exercising your personal data rights under, for example, the DSAR as outlined in the above Section 14.3.
- c. like a copy of the full version of our data protection policy.
- d. wish to make a complaint about our use of your personal data.
- e. have questions or concerns about this Privacy Statement or our Sites and email marketing practices, please use any of the above below contact means.
Data Protection Officer: Geraldine Henbest
E-mail: dataprotection@eivissaluxury.com
Phone (Toll free): 1.800.661.2164
Mail:
| Residents of the U.S. and Canada | Residents of the EEA, UK, and Switzerland |
| ATTN: Data Protection Officer ICF 1902 Reston Metro Plaza Reston, VA 20190 |
ATTN: Data Protection Officer ICF Riverscape 10 Queen Street Place London England EC4R 1BE |
Please note that no permission is granted for you to use ICF's logo, icons, or content. You must obtain our prior written permission to post additional graphic or textual material along with your link to our Sites.