Privacy Policy

At Infovanta, we understand that privacy and data security are paramount in the consulting industry. This Privacy Policy outlines how we collect, use, store, and protect information in connection with our IT consulting and digital workflow advisory services. By engaging with our services or website, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide Directly

When you engage with Infovanta, you may provide us with various types of information, including:

• Contact Information: Name, email address, phone number, job title, and company name
• Business Information: Company size, industry, organizational structure, and business objectives
• Technical Information: Details about your current IT infrastructure, software systems, technology stack, and digital workflows
• Financial Information: Billing information, payment details, and transaction history (processed through secure third-party payment processors)
• Communication Records: Emails, messages, meeting notes, and other correspondence related to our engagements
• Project Documentation: Requirements, specifications, feedback, and any materials you share for analysis

1.2 Information Collected Automatically

When you visit our website or interact with our digital platforms, we automatically collect certain information:

• Device Information: IP address, browser type and version, operating system, device identifiers
• Usage Data: Pages visited, time spent on pages, navigation paths, click patterns, and interaction with content
• Technical Data: Screen resolution, time zone settings, browser plug-ins, and referring URLs
• Cookie Data: Information stored through cookies and similar tracking technologies (see Section 8)

1.3 Information from Third-Party Sources

We may receive information about you from:

• Public databases and business information services
• Professional networking platforms (e.g., LinkedIn)
• Referral partners with whom you've authorized information sharing
• Analytics providers and marketing platforms

2. How We Use Your Information

2.1 Service Delivery

We use your information primarily to provide, maintain, and improve our consulting services:

• Conducting infrastructure analysis and workflow assessments
• Preparing technical reports and strategic recommendations
• Communicating about projects, deliverables, and timelines
• Responding to inquiries and providing customer support
• Customizing our services to meet your specific needs

2.2 Business Operations

Information is used to operate and improve our business:

• Processing payments and maintaining financial records
• Managing client relationships and engagement history
• Conducting internal analytics to improve service quality
• Training our team and developing methodologies
• Ensuring security and preventing fraud

2.3 Communication and Marketing

With your consent, we may use your information to:

• Send newsletters, industry insights, and thought leadership content
• Inform you about new services or capabilities
• Invite you to webinars, events, or educational sessions
• Request feedback on our services
• Provide case studies or success stories (with explicit permission only)

2.4 Legal and Compliance

We process information as necessary to:

• Comply with legal obligations and regulatory requirements
• Enforce our Terms of Service and other agreements
• Protect our rights, property, and safety, as well as those of our clients
• Respond to legal processes, court orders, or government requests
• Investigate and prevent fraud, security incidents, or technical issues

3. Legal Basis for Processing (GDPR Compliance)

For individuals in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal grounds:

3.1 Contractual Necessity

Processing is necessary to perform our contract with you, including delivering consulting services and preparing deliverables.

3.2 Legitimate Interests

We process data to pursue our legitimate business interests, such as:

• Improving service quality and operational efficiency
• Conducting business analytics and market research
• Ensuring network and information security
• Preventing fraud and abuse
• Pursuing business development opportunities

3.3 Consent

Where required by law, we obtain your explicit consent before processing data for marketing communications or non-essential cookies.

3.4 Legal Obligations

We process data to comply with applicable laws, regulations, and legal processes.

4. How We Share Your Information

4.1 No Sale of Personal Information

Infovanta does not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.2 Service Providers

We engage trusted third-party service providers who assist in our operations:

• Payment Processors: To handle billing and payment transactions securely
• Cloud Service Providers: For data storage and infrastructure hosting
• Analytics Platforms: To understand website usage and improve user experience
• Communication Tools: For email services, video conferencing, and project management
• Professional Services: Legal, accounting, and auditing firms when necessary

All service providers are contractually bound to protect your information and use it only for specified purposes.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity. You will be notified of any such change and given the opportunity to delete your information if desired.

4.4 Legal Requirements

We may disclose information when required by law or in good faith belief that such disclosure is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our agreements and policies
• Investigate potential violations or security incidents
• Protect the rights, property, or safety of Infovanta, our clients, or the public

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot be used to identify you individually. This may include industry trends, benchmarking data, or statistical analysis used for research or marketing purposes.

5. Data Security and Protection

5.1 Security Measures

Infovanta implements comprehensive security measures to protect your information:

• Encryption: Data is encrypted in transit using TLS/SSL protocols and at rest using industry-standard encryption algorithms
• Access Controls: Strict access controls ensure only authorized personnel can access confidential information
• Authentication: Multi-factor authentication is required for access to sensitive systems
• Network Security: Firewalls, intrusion detection systems, and regular security audits protect our infrastructure
• Employee Training: All team members undergo regular security and privacy training
• Incident Response: We maintain documented procedures for responding to potential security breaches

5.2 Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify affected individuals within 72 hours of discovery (as required by applicable law)
• Provide details about the nature of the breach and information affected
• Explain the steps we're taking to address the breach and prevent recurrence
• Offer guidance on protective measures you can take
• Notify relevant regulatory authorities as required by law

5.3 Limitations

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of information transmitted over the Internet or stored electronically. You acknowledge and accept this inherent risk when sharing information with us.

6. Data Retention

6.1 Retention Periods

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law:

• Active Client Data: Maintained for the duration of the engagement and for a reasonable period thereafter to provide support and address inquiries
• Financial Records: Retained for at least 7 years to comply with tax and accounting regulations
• Communication Records: Generally retained for 3-5 years unless ongoing business needs require longer retention
• Marketing Data: Retained until you unsubscribe or request deletion, whichever comes first
• Legal Records: Retained for the duration required by applicable law or until the resolution of legal matters

6.2 Deletion and Anonymization

After the retention period expires, we will:

• Securely delete personal information using industry-standard data destruction methods
• Anonymize data so it can no longer identify individuals
• Archive certain data in restricted-access systems for legal or compliance purposes

7. Your Privacy Rights

7.1 Access and Portability

You have the right to:

• Request a copy of the personal information we hold about you
• Receive your data in a structured, commonly used, machine-readable format
• Transmit your data to another service provider (data portability)

7.2 Correction and Updates

You may request that we:

• Correct inaccurate or incomplete personal information
• Update outdated information
• Complete information that is missing

7.3 Deletion and Erasure

You have the right to request deletion of your personal information, subject to certain exceptions:

• When the information is no longer necessary for its original purpose
• When you withdraw consent (where consent was the basis for processing)
• When you object to processing and there are no overriding legitimate grounds
• When the information has been unlawfully processed

We may retain certain information if required by law or for legitimate business purposes (e.g., financial records, legal defense).

7.4 Restriction and Objection

You may request that we:

• Restrict processing of your information in certain circumstances
• Stop processing your data for direct marketing purposes
• Object to processing based on legitimate interests

7.5 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided at the end of this policy. We will respond to your request within 30 days and may require verification of your identity before processing the request.

8. Cookies and Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our website. They help us recognize your browser and remember certain information about your preferences and activities.

8.2 Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly (e.g., security, authentication)
• Performance Cookies: Collect information about how visitors use our site to improve functionality
• Functional Cookies: Remember your preferences and settings for a better experience
• Analytics Cookies: Help us understand visitor behavior through tools like Google Analytics

8.3 Managing Cookies

You can control cookies through:

• Browser settings to block or delete cookies
• Third-party opt-out tools (e.g., Network Advertising Initiative)
• Our cookie consent banner when you first visit the site

Note that disabling certain cookies may limit website functionality.

8.4 Third-Party Tracking

We use analytics services (such as Google Analytics) that may collect information about your online activities over time and across different websites. These services have their own privacy policies governing their use of information.

9. International Data Transfers

9.1 Cross-Border Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.

9.2 Safeguards

When transferring data internationally, we implement appropriate safeguards:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Binding Corporate Rules for intra-group transfers
• Certification frameworks such as Privacy Shield (where applicable)

10. Children's Privacy

Infovanta's services are directed toward businesses and professionals. We do not knowingly collect information from individuals under the age of 18. If we become aware that we have inadvertently collected information from a minor, we will take steps to delete it promptly.

11. California Privacy Rights (CCPA)

California residents have specific rights under the California Consumer Privacy Act (CCPA):

11.1 Right to Know

You have the right to request:

• The categories and specific pieces of personal information we've collected
• The categories of sources from which information was collected
• The business or commercial purpose for collecting or selling information
• The categories of third parties with whom we share information

11.2 Right to Delete

You may request deletion of personal information we've collected, subject to certain exceptions.

11.3 Right to Opt-Out

You have the right to opt out of the "sale" of personal information. Infovanta does not sell personal information as defined by the CCPA.

11.4 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. You will not receive different pricing or service levels based on your privacy choices.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

• Changes in our data practices
• New legal or regulatory requirements
• Technological developments
• Improvements to our services

When we make significant changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or prominent website notice
• Obtain your consent where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: