Last updated 1 March 2021
Protection of Personal Information – Privacy Notice
THE PROTECTION OF PERSONAL INFORMATION ACT
CUSTOMER PRIVACY NOTICE
This Notice explains how we obtain, use and disclose your personal information, in accordance with the requirements of the Protection of Personal Information Act (“POPIA”).
At Itblue Solutions (including this website) we are committed to protecting your privacy and to ensure that your personal information is collected and used properly, lawfully and transparently.
About the Company
Itblue Solutions Pty Ltd
In this overview, we summarize the personal data we collect and how we use it, which is further explained in our Privacy Notice below. Keep in mind that the actual personal data we collect, and how we use it, varies depending upon the nature of our relationship and interactions with you. Also, in some cases (such as where required by law), we ask for your consent or give you certain choices prior to collecting or using certain Personal Data.
The information we collect
Categories of Personal Data Collected. Generally, we collect the following types of Personal Data:
Identifiers: includes direct identifiers, such as name, username, account name, address, phone number, email address, online identifier, IP address, or other similar identifiers.
Customer records: includes personal information, such as name, signature, contact information, and payment information, that individuals provide us in order to purchase or obtain our products and services.
Commercial information: includes records, products, or services purchased, obtained, or considered, or other purchasing or use histories.
Usage details: includes browsing history, clickstream data, search history, access logs, and other usage data and information regarding an individual’s interaction with our websites and services, and our marketing emails and online ads.
Geo-location data : includes precise location information about a particular individual or device.
Audio, video and electronic data: includes audio, electronic, visual, thermal, olfactory, or similar information, such as CCTV footage (e.g., collected from visitors to our offices) and call recordings (e.g., of Customer support calls).
Professional information: includes professional and employment-related information, such as current and former employer(s) and position(s) and business contact information.
Inferences: includes inferences drawn from other personal information that we collect to create a profile reflecting an individual’s preferences, behavior, or other characteristics. For example, we may analyze personal information in order to identify the offers and information that may be most relevant to Customers, so that we can better reach them with relevant offers and ads.
Website usage information may be collected using “cookies” which allows us to collect standard internet visitor usage information.
How we use your information
We will use your personal information only for the purposes for which it was collected and agreed with you. In addition, where necessary your information may be retained for legal or research purposes.
Use of Personal Data. In general, we may use and disclose the personal information we collect for the following business and commercial purposes:
Operating Sites and Services and providing related support
Responding to requests
Analyzing and improving the Sites, our Services, and our business
Advertising and marketing
Protecting our legal rights and preventing misuse
Complying with legal obligations
Relating to our general business operations
Scope of this Privacy Notice
This Privacy Notice applies to and describes the Personal Data that we collect as a “data controller” or a “business,” including the Personal Data that we collect about:
Visitors of ITBLUE’s website(s);
Individuals who register to use our products and services;
Individuals who register for or attend our webinars, conferences, and other events; or
Other individuals who communicate or interact with us about our products, services, or business.
Personal Data. In this Privacy Notice, “Personal Data” generally means information that identifies or relates to an identifiable individual or is linked or reasonably linkable to an individual.
This Privacy Notice does not apply to the Personal Data that we collect and process about employees, applicants and contractors; different privacy notices apply to those data sets. Further, this Privacy Notice does not apply to the Personal Data that we receive, process or store certain on behalf of our Customers (“Customer Data”), as further explained below.
Additional disclosures or information about processing of Personal Data related to specific websites, mobile applications, products, services, or programs may be provided to you. These may supplement and/or clarify ITBLUE’s privacy practices in specific circumstances and provide you with additional choices as to how ITBLUE may process your Personal Data.
We are a “processor” or “service provider” for Customer Data and will only process Customer Data on behalf of and in accordance with the instructions of our Customers, who are the “controllers” or “businesses” for their respective Customer Data. Customer Data is owned and controlled by our Customers. Customer Data may include information from the end points and other systems, tools, or devices that Customers manage or monitor using our Services, and end user data related to activities on the relevant networks and systems. It may also include event logs, end user information (such as IP address, email address and computer name), and other Personal Data, where relevant. Our Customers’ respective privacy policies apply to and govern the processing of Customer Data, not this Privacy Notice. For privacy information related to Customer Data, please reach out to the respective Customer directly. Our Customers’ privacy and security practices are their own and differ from those set forth in this Privacy Notice.
Where Personal Data is transferred outside RSA, ITBLUE implements measures to adequately protect your Personal Data, such as by putting in place standard contractual clauses as approved by the POPIA. More information about the measures we implement and the RSA standard contractual clauses, is in the International Transfer of Personal Data section below.
Personal Data We Collect
ITBLUE collects Personal Data as part of its normal business operations and in the administration of Customer relationships, which may include:
Business Contact and Customer Relationship Management. We collect and maintain information about our Customers, which may include company name, business contact name and title, phone number, email, and other contact details. We may also collect billing address, financial account, credit card information, order details, subscription and license information, and usage details. In addition, we collect user credential and profile data (name, contact, authorized users).
Data Submitted on Sites. In order to enjoy the full functionality of the Sites or to conduct business with us, you may be prompted to provide certain Personal Data to us:
By filling in forms (for example, a “Contact Us” form) on our Sites, at a trade show, or anywhere else we conduct business;
By downloading or accessing the ITBLUE Services;
By downloading documentation from our Sites;
By subscribing to newsletters or other communications; or
By corresponding with us by phone, e-mail, or otherwise using our contact details.
Typically, Personal Data includes name, business affiliation, business address, telephone number, and email address, and any other personal details provided or required to resolve inquiries or complaints.
Customer Support and Service. When Customers contact us for support or other customer service requests, we maintain support tickets and other records related to the requests. We may also collect call recordings related to support and customer service-related calls.
Usage Details. We collect information about Customers’ usage of our Services, including IP address, Customer ID, email address, and other usage statistics. We do not collect usage details about Customer end users, except as necessary to provide and support the Services requested by Customers.
When you visit our Sites, our server automatically collects certain browser or device-generated information, which may in some cases constitute Personal Data, including but not limited to:
Your IP address;
The date, time, and duration of your visit;
Your browser type;
Your operating system;
Your page visits;
Information from third parties;
Other information about your computer or device; or
Third Parties. We may also obtain Personal Data about Customers from third parties unless prohibited by applicable law, including third parties from whom we have purchased Personal Data, public databases, resellers, channel partners, and marketing partners. We may combine this information with Personal Data provided by you. This helps us to update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you.
Aggregate and De-identified Data. We may de-identify and aggregate certain data we collect such that the data no longer identifies or can be linked to a particular Customer or an individual data subject (“De-identified Data”), subject to the terms of any applicable customer agreements. We may use this De-Identified Data to improve our Services, analyze trends, publish market research, and for other marketing, research, or statistical purposes, and may disclose such data to third parties for these specific purposes.
Other Data. ITBLUE collects, uses and maintains certain data related to its business and the Services it provides to Customers, which is not Personal Data; this Privacy Notice does not restrict our use and processing of such data.
Use of Personal Data
In this section, we explain the purposes for which we process your Personal Data, as well as the legal bases for doing so under certain applicable laws.
Legal Bases. Certain laws, including the POPIA require that we inform you of the legal bases for our processing of your Personal Data. Pursuant to these laws, we process Personal Data for the following legal bases:
Performance of contract: the processing is necessary to perform a contract with you or take steps to enter a contract at your request;
Compliance with law: the processing is necessary for us to comply with a relevant legal obligation (for example, laws that require us to collect tax information from Customers, carry out checks on Customers, or that compel us to disclose information to public authorities or regulators);
Our legitimate interests: the processing is in our legitimate interests, subject to your interests and fundamental rights, and notably our legitimate interest in using applicable data to conduct and develop our business activities, such as developing and maintaining relationships with our Customers (the majority of the processing covered by this Privacy Notice is legitimate interest based);*
Defend our rights: where the processing is necessary to the establishment, exercise or defense of legal claims; or
With your consent: you have consented to the processing (for example, where we are required by local law to rely upon your prior consent for the purposes of direct marketing).
*In all cases where legitimate interests are relied upon as a lawful basis, we take steps to ensure that our legitimate interests are not outweighed by any prejudice to your rights and freedoms. This is achieved in a number of ways, including the application of principles of data minimization and security, and by taking steps to ensure that Personal Data is collected, where it is relevant, for lawful business activities, and when using Personal Data, it is reasonably necessary for those activities.
Purposes of Collection and Processing. The purposes for which we may process Personal Data vary depending upon the circumstances. Generally, we use Personal Data for the following business and commercial purposes:
Operating Sites and Services and providing related support: to provide and operate the Services, communicate with you about your use of the Services, provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments, communicate with you, and for similar service and support purposes. (Legal bases: performance of our contract with you; and/or our legitimate interests)
Responding to requests : to respond to your inquiries and requests. (Legal basis: performance of our contract with you)
Analyzing and improving our Sites, the Services, and our business: to better understand how you access and use the Services, in order to administer, monitor, and improve our services, for our internal purposes, and for other research and analytical purposes. (Legal basis: our legitimate interests)
Personalizing experiences: to tailor content we may send or display on our websites, including to offer location customization and personalized help and instructions, and to otherwise personalize your experiences. (Legal basis: our legitimate interests)
Advertising and marketing to Customers: to promote our Services on third party websites, as well as for direct marketing purposes, including to send you newsletters, Customer alerts and information we think may interest you. (Legal bases: our legitimate interests; and/or with your consent)
Complying with legal obligations: to comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. (Legal bases: our legitimate interests; and/or compliance with laws)
Related to our general business operations: to consider and implement mergers, acquisitions, reorganizations, and other business transactions, and where necessary to the administration of our general business, accounting, record keeping and legal functions. (Legal bases: our legitimate interests; and/or compliance with laws)
Aggregate and De-identified Data. We may also use aggregate and de-identified data to improve and develop our business and Services, and for similar research and analytics purposes.
Disclosure of information
ITBLUE may share Personal Data with our affiliated businesses as part of our business operations and administration of the Services. We may also appoint third party service providers (who will operate under our instructions) to assist us in providing information, products or services to you, in conducting and managing our business, or in managing and improving our Services or the Sites. ITBLUE may share your Personal Data with these affiliates and third parties to perform Services on ITBLUEs behalf, subject to appropriate contractual restrictions and security measures.
In general, we may disclose Personal Data as follows:
Customers: if you use, access or communicate with us about our Services on behalf of your company (our Customer), we may share Personal Data about your access, and your communications or requests, with the relevant Customer.
Service providers : to third party service providers who perform functions on our behalf. Third party service providers will only process your Personal Data in accordance with our instructions and will implement adequate security measures to protect your Personal Data.
Advertising and analytics partners : to third parties we engage to provide advertising, campaign measurement, online and mobile analytics, and related services to us (with your consent, where required by applicable laws).
In response to legal process: in order to comply with the law, judicial proceedings, a court order, or other legal process, such as in response to a subpoena.
Business transfers: as part of any merger, sale, and transfer of our assets, acquisition, or restructuring of all or part of our business, bankruptcy, or similar event, including related to due diligence conducted prior to such event where permitted by law.
Aggregate or Anonymous Data. We also may share aggregate, anonymous, or de-identified data with third parties for research, analytics, and other purposes, provided such information does not identify an individual.
International Transfers of Personal Data
ITBLUE and our service providers may transfer your Personal Data to, or access it in, jurisdictions (including the United States and other jurisdictions where we, our affiliates, and service providers have operations) that do not include equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your Personal Data receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.
If you are in the RSA, and we process your Personal Data in a jurisdiction that the POPIA has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your personal data, such as by putting in place standard contractual clauses as approved by the POPIA
The Sites, Services and portal are not for use by children under the age of 16 years and N-able does not knowingly collect, store, share or use the Personal Data of children under 18 years. If you are under the age of 18 years, please do not provide any Personal Data to ITBLUE, even if prompted to do so. If you are under the age of 18 years and you have provided Personal Data, please ask your parent(s) or guardian(s) to notify ITBLUE, and ITBLUE will delete all such Personal Data.
Where lawful to do so, and subject to your consent where required, we may communicate with Customers (and related business contacts) about our Services. If you wish to unsubscribe from receiving marketing communications, please visit the Email Preference Center on our Site or use the Email Preference Center link in our promotional emails to request cessation of these communications.
ITBLUE maintains (and requires its service providers to maintain) organizational and technical measures designed to protect the security and confidentiality of Personal Data we process. Various measures that ITBLUE utilizes are further described in its Security Statement. However, no environment or security procedures or protocols are ever guaranteed to be 100% secure or error-free. Accordingly, we cannot be held responsible for unauthorized or unintended access that is beyond our control. We encourage you to take care when disclosing Personal Data online and use readily available tools and security measures to protect yourself online.
Retention of Personal Data
We generally keep Personal Data for as long as necessary to fulfill the purposes for which it was collected. In some circumstances, however, we may retain Personal Data for other periods of time, including where we are required to do so in accordance with legal, tax, and accounting requirements or if required to do so by a legal process, legal authority, or other governmental entity capable of making this request.
In specific circumstances, we may also retain your Personal Data for longer periods of time, which may correspond to a statute of limitations, so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
Third Party Links
The Sites may contain links to third party sites. ITBLUE does not control and is not responsible for the privacy practices of such websites. We encourage you to review the privacy policies of these third-party sites. ITBLUE accepts no responsibility arising from or regarding such third-party websites.
Privacy Rights and Choices
In this section, we describe the rights and choices you have regarding your Personal Data. You may submit a privacy request by using the contact methods provided on our website. We will respond to your request consistent with applicable law. If you would like to submit a request relating to Customer Data, you should contact the relevant Customer directly; if you submit a request to us related to Customer Data, we will forward your request to the relevant Customer (where known) so that they may respond to your request.
Access, correction, and deletion. You may submit requests for access, correction, or deletion to us as directed above. We will process your request in accordance with applicable privacy laws. We may ask you for additional information so that we can confirm your identity or process your request.
Direct marketing. You may always opt out of direct marketing emails. If you would like to unsubscribe from ITBLUE marketing emails or otherwise change your email preferences, go to our Email Preference Center on our Site or use the Email Preference Center link in our promotional emails to request cessation of these communications. We may continue to send you transactional or service-related communications, such as service announcements and administrative messages.
Complaints. We will take steps to try to resolve any complaint you raise regarding our treatment of your Personal Data. You also have the right to raise a complaint with the privacy regulator in your jurisdiction.
Individuals have the right to access the Personal Data processed about them, subject to applicable law; individuals may request to access their Personal Data processed by us by contacting us. You have the right to ask us to update, correct or delete your personal information.
Changes to Our Privacy Notice
ITBLUE will review and update this Privacy Notice periodically to respond to changing legal, technical, and business developments. We will note the date of its most recent revision herein. Please review this Privacy Notice frequently to be informed of your rights and how ITBLUE is protecting your Personal Data.
How to contact us
If you have any queries about this notice; you need further information about our privacy practices; wish to withdraw consent; exercise preferences or access or correct your personal information, please contact us at the numbers/addresses listed on our website.