Last updated: March 12, 2021.
At iMotions (or “we”, “us” / “our”) data protection and confidentiality is a high priority.
1. Data controller and contact information
Reg. no. 33 50 40 04
Frederiksberg Allé 1-3
1621 København V
141 Tremont Street, 7th Floor
Boston, MA 02111
United States of America
2. Collection of personal data through Online Services
We collect information you provide directly to us, including when you sign-up to our newsletter, download a guide or brochure, communicate with us, request customer support, send us an email or otherwise interact with us. The types of information we may collect about you includes your name, email address and any other information you provide or if we receive your information as a referral from a partner company. Our legal basis for this processing is either your consent in accordance with art. 6(1)(a) of the GDPR or our legitimate interest in accordance with art. 6(1)(f) of the GDPR since you enter our Online Services voluntarily or otherwise express interest in iMotions, e.g. when you hand us your business card, join a product demonstration, send us an unsolicited email, or call one of our offices.
When you access or use our Online Services, we automatically collect information about you, including:
- Log Information: we log information about your use of our Online Services, including the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to our Services.
- Device information: we collect information about the device you use to access our Online Services, including information about the device’s software and hardware, Media Access Control (MAC) address and other unique device identifiers, device token, mobile network information and time zone.
- Usage information: we collect information relating to your use of our Online Services, including which applications you use
- Information collected by cookies and other tracking technologies: we use various technologies to collect information, and this may include sending cookies to your computer or mobile device. Reference is made to section 8.
We may also obtain information from other sources and combine that with information we collect through our Online Services.
3. Collection of personal data through Products
When you buy and/or subscribe to one of our Products we may collect and process your contact details and professional information. Our legal basis for this processing is our legitimate interest in being able to deliver the Product you have purchased and/or subscribed to in accordance with art. 6(1)(f) of the GDPR, as well as the performance of the contract in accordance with art. 6(1)(b) of the GDPR.
If you are a test person, it is the Data Controller’s responsibility to collect your consent in accordance with art. 6(1)(a) and 9(2)(a) of the GDPR before processing your personal data. This is due to the given circumstances involving the processing of biometric data for the analysis of test results.
During the performance of our Products at the premises of our clients it may occur that the personal data of other people – not taking part in the Product and survey in question (“third party person”) – is unintentionally processed, e.g. during a mobile eye-tracking study. In such cases, it is the Data Collector’s responsibility to blur the faces and redact any other identifiable elements of the third-party persons in question, immediately after the recording has taken place – thus rendering the characteristics unidentifiable. Processing therefore relies on the legitimate interest as legal basis in accordance with art. 6(1)(f) of the GDPR. It is the Data Controller’s responsibility to install a specific and visible sign during the performance of any such Products, whereas any third-party will be informed of the processing activities in question in accordance with art. 14 of the GDPR.
You are of course always welcome to contact us (see details in section 1) should you have any questions.
When you purchase a product through our website, your credit card payment information is processed and stored by our subprocessor Stripe Inc.
We may use information about you for various purposes, including to:
- Provide, maintain and improve our current Products and Online Services;
- Develop new Online Services and Products;
- Provide and deliver the Products and Online Services you request and send you related information;
- Facilitate communications between users;
- Respond to your comments, questions and requests and provide customer service and support;
- Send you technical notices, updates, security alerts and support and administrative messages;
- Communicate with you about Products, Online Services, offers, promotions and events offered by iMotions and others, and provide news and information we think will be of interest to you;
- Personalize and improve our Products and Online Services and provide tailored advertisements, content or features;
- Monitor and analyze trends, usage and activities in connection with our Products and Online Services;
- Link or combine with information we get from others to help understand your needs and provide you with better service; and
- Utilize information for contracting, invoicing purposes, and payment processing
- Communicate to third party vendors for timely product deliveries and warranty tracking
- Keep track of contract renewals and maintenance
- Carry out any other purpose for which the data was collected.
5. Use of personal data
We may share information about you within the iMotions group. We may also share your personal data with our relevant client in the event that you have consented to this as part of participation in a Product.
We also may share aggregated information or otherwise anonymized information, which cannot reasonably be used to identify you.
We may also use data processors that solely act on basis of our instruction and for which we have entered into applicable data processor agreements.
If iMotions acts as data processor, the relation will be subject to a data processor agreement.
We may forward location and contact data to third party vendors (in the case that hardware has been purchased through us) in order to ensure timely delivery of goods (drop-shipment) as well as correct warranty tracking.
We will also utilize the data for contracting, invoicing purposes, and payment processing and store the data for as long as we are obligated to do so by the authorities.
6. Transfer to third countries
Your personal data may be transferred to data controllers or data processors which are located in countries outside the EU/EEA, including group entities, not ensuring an adequate level of data protection. For these cases, such transfer will be safeguarded by the EU Commission’s standard contractual clauses or another legal basis for the transfer.
7. Deletion of personal data
We will delete your personal data when we no longer need to process them in relation to one or more of the purposes set out above.
However, the data may be processed and stored for a longer period in anonymized form in order for us to improve the service.
- Understand and save user’s preferences for future visits.
- Keep track of advertisements.
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.
- We may also use trusted third-party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies. We store cookies for a maximum of five years.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. To learn more please visit: https://support.google.com/adspolicy/answer/6008942?hl=en .
We make use of Google Ads, Google Analytics, and Google Tag Manager to track individual and aggregate acquisition and behavioral data on iMotions.com, as well as to analyse trends. We also make use of remarketing to target previous visitors and encourage them to visit again. This is done via cookies to track behavior. You can at any time opt-out of these at any time in the ad itself. To learn more or change your Google ad settings please visit https://www.google.com/settings/u/0/ads/authenticated.
We collect aggregate site traffic, pageviews, sessions, and click behavior that come from the major social media platforms including (but not limited to) Facebook, Twitter, Linkedin, and Youtube. This data is used on an aggregate level to understand how our marketing communications content is performing and how to best optimize our content for our site visitors.
We have implemented security measures to ensure that our internal procedures meet our high security policy standards, hereunder – but not limited to – a variety of security measures when a user enters, submits, or accesses their information in relation to our Online Services and Products. Accordingly, we strive to protect the quality and integrity of your personal data. This includes encryption of data and use of pseudonymisation, whenever applicable (e.g. all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology). Further, your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information.
Our site is hosted on Hetzner, a dedicated Dedicated Root Server, VPS & Hosting platform compatible with WordPress, and we deliver content via Amazon’s Cloudfront applications. Hetzner and Amazon store website traffic data but no end-user personal data from iMotions.com.
Personal data from users of iMotions.com is tracked in Salesforce’s Pardot, our Marketing Automation Platform, which you opt into by providing your email address, browser cookie and/or personal information when you consent to submitting a form, confirming a webpage cookie, or otherwise contacting us. We never obtain email addresses from third parties like paid lists without your consent.
10. For Online Services and Products in the US
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under 13.
CAN SPAM Act
The CAN SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to be in accordance with CAN SPAM. If you would like to unsubscribe from receiving future emails, you can do this by updating your subscription preferences that appear on the bottom on any marketing communications that you receive from us or email us at email@example.com.
11. Your rights
You are at any time entitled to be informed of the personal data about you that we process, but with certain legislative exceptions. You also have the right to object to the collection and further processing of your personal data including profiling/automated decision-making. Furthermore, you have the right to have your personal data rectified, erased or blocked. Moreover, you have the right to receive information about you that you have provided to us, and the right to have this information transmitted to another data controller (data portability).
12. Withdrawal of consent
You may, at any time, withdraw any consent you have given. Hereafter we will no longer process your personal data, unless we can continue the processing based on another purpose. If you wish to withdraw your consent, please contact us at firstname.lastname@example.org.
13. Third-party links
We may include or offer third-party products, services, or links on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
If you wish to appeal against the processing of your personal data, please contact us as indicated under section 1 above. You may also contact the Danish Data Protection Agency (Datatilsynet), Borgergade 28, 5., 1300 Copenhagen K, Denmark or your local data protection agency.