IDC Logo; a globe followed by the letters 'IDC'

About IDC

We Value Your Privacy

IDC Privacy Policy, last updated: 11 June 2023

International Data Corporation (hereinafter as “we” or “IDC”) is committed to conducting its business in line with best personal data protection practices. Personal data refers to any information that identifies you or could be used to identify you. This Privacy Policy provides you with transparent information about how IDC, as a data controller, collects, processes, shares, and otherwise uses your personal data and about your related rights.

IDC is respectful of data privacy and adopts best practices in compliance with applicable privacy law and regulations, including the European General Data Protection Regulation (EU 2016/679) (the “GDPR”), Directive 2002/58/EC (the “e-Privacy Directive”); European national laws implementing derogations, exceptions or other aspects of the e-Privacy Directive and/or the GDPR; the GDPR, as transposed into the United Kingdom national law by operation of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (the “UK GDPR”) and the United Kingdom’ Data Protection Act 2018; the Canadian Personal Information Protection and Electronic Documents Act (the “PIPEDA”); the California Consumer Privacy Act of 2018, as amended from time to time (the “CCPA”); California Privacy Rights Act of 2020 (the “CPRA”); and the Swiss Federal Act on Data Protection of 2020 (the “FADP”).

If you are a Californian resident, please refer to our CCPA statement for further details about your rights.

  1. Who Processes Your Data?

    1. The controller of your personal data is IDC. A full list of IDC affiliates is available here. Each affiliate acts as a data controller with respect to data collected, processed, used, and stored as a part of services and activities conducted by an IDC affiliate. Certain services and activities may be conducted by several IDC affiliates. This Privacy Policy does not apply to processing of your personal data by individual IDC affiliates that have published their own country-specific Privacy Policies available on the relevant IDC affiliates’ websites. In addition, we may collaborate with our sister company, Foundry, to produce events. If that is the case, your personal data may also be collected and processed by Foundry as an independent controller in accordance with the Foundry Privacy Policy.

    2. Within the meaning of Article 4 (16) of the GDPR, IDC’s main establishment in the EU is in the Czech Republic.
    3. Where required, IDC has designated a representative in the EU:

      IDC CEMA s.r.o.
      Malé náměstí 459/11
      110 00 Praha 1
      Czech Republic
    4. For all matters related to privacy and the collection, processing, use and storage of your personal data, please contact IDC’s Privacy Compliance Officer at privacy@idc.com.

    For more information about IDC, please refer to here.

  2. What Personal Data Do We Collect?

    Depending on the product and/or service involved, IDC may collect various categories of data for distinct purposes. This may include, in particular:

    1. Data that you provide to us:
      1. Business contact information, such as first name, last name, business email address and phone number, company name, business title, business address. In some cases, you or your organization may also provide us with additional professional information such as the size of the company you work for, and industry type. When you set up an account with IDC, we may also collect your log-in credentials (i.e., email and password) and billing information, where applicable.

      2. We will also process any feedback or information that you voluntarily provide to us in connection with our services, including questionnaires sent to you.

      3. With respect to events that we organize, we may also process the information necessary for the provision of ancillary services that you requested (e.g., to arrange accommodation and/or flight tickets for you).

      4. We may collect such data when you use or register to receive any of the products, services or content offered by IDC and its affiliates and partners, as applicable, or when you communicate with us through email, web application forms, chat, our social media, and other forms of communication.

    2. Data we collect from other sources:
      1. We collect information about your use and interaction with our websites, content and services (such as search history, page visits, IP address, etc.). We use cookies and other tools (see Section 3.3 below) to collect such data. The exact scope of personal data collected will depend on the specific features of the website / services then available and used by you and the privacy preferences you set for such cookies / tools. If you wish to learn more information about our use of cookies or if you wish to update your cookie preferences, please refer to our Cookie Policy.

      2. With respect to certain services (e.g., Event Organization), we may collect additional details pertaining to your professional profiles on social media or other websites. We may also take photos, videos or audio recordings which may include your personal data.

      3. We may also collect other personal data that you have made accessible from publicly available sources, including third-party websites, blogs, articles, or similar publicly available content. This typically includes business contact information as described in Section 2.1 above.

    3. IDC processes only your business professional details in the context of your professional capacity. IDC does not, in any event, knowingly collect or process any personal data that may be classified as special categories of personal data or sensitive personal information under the applicable privacy laws.

  3. How Do We Use Your Personal Data?

    1. To provide our services, products and content.

      We may use your personal data and information about your organization to deliver our services and products, in particular Syndicated Research and/or Data Products, Custom Solution Services (e.g. consulting and advisory services), and Event Organization.

      We will use your personal data primarily to identify you when you register and login to your account, to process your payments, manage our business relationship with you or your organization, and to fulfil your requests. In addition, we may process your personal data for the following purposes, depending on the type of our service:

      1. Syndicated Research and/or Data Products: We may also use your contact details to communicate with you when producing reports and other Syndicated Research services and Data Products.

      2. Custom Solution Services: The scope of processed data may vary and is subject to the assignment and nature of the Custom Solution project requested by you or your organization.

      3. Events Organization: We will process your personal data to organize and market the events that we organize, manage event participation, and present details about speakers and sponsors in the programs and/or promotional materials of such events, as well as on our website and via social media.

        We may collaborate with our event partners and our sister company, Foundry, to produce events. In such cases, participants’ and speakers’ personal data may also be processed by Foundry and the event partners as independent controllers. Foundry will process your personal data in accordance with the Foundry Privacy Policy . The event partners will be listed, along with their privacy policies, in the Partners section of the relevant event website.

        Our event partners may process the participants' and speakers' personal data to prepare, improve, and organize the event, including to collect and review event statistics, and to ensure that the event's content is relevant to and customized for the event audience. In addition, the event partners may wish to inform you about their products and services they think you may find interesting. As applicable, we may either ask you for your consent to receive such communication or provide you with an opportunity to opt out of receiving such communication. This consent, if applicable, is unrelated to any consent that you may grant directly to any event partner during event networking, including by allowing an event partner to scan your electronic business card.

        Some public IDC events may be recorded by means of photographs, audio recordings, and/or videos. Such photographs and recordings may subsequently appear on the respective event website, other relevant website, on social media, in the press, or in promotional materials (such as IDC promotional videos or program guides). All events to be thus documented will be clearly indicated as such. IDC may separately seek your consent prior to recording if you are to feature predominantly in the planned recording (e.g. speakers and participants in interviews).

        Networking tools at events: IDC may provide specific tools during the event to enhance your networking opportunities — in particular, a networking application and electronic business cards, as described below.

        Mobile application: An event mobile app may include your name, company, and job title (along with your photo, profile, and social media information, as provided by you) and may be visible to all other event participants. Opting for "private mode” will ensure that your name and contact details do not appear in the application.

        Electronic business cards: We may provide you with electronic business cards. These are incorporated, for instance, in your event badge and contain your name, email address, business phone number, job title, and company. You may provide such contact details to event partners by allowing them to scan your electronic business card. By allowing an event partner to scan your electronic business card, you provide your consent to this event partner to use your contact details, as included in the electronic business card, for any follow-up communication, including marketing communication. Please refer to the Privacy Policy of the relevant event partner for more details about the processing of your personal data by the given event partner and your rights vis-à-vis this event partner.

    2. To administer awards and competitions:

      1. When organizing awards or competitions, we may collect the name, email address, job title, company, and other details provided by each participant in the application form. Alternatively, such details may also be obtained from third parties who nominate the respective participant via a specific nomination form, in which case the nominating person has informed the participant and obtained necessary permissions to share the participant’s personal data with IDC.

      2. We will use such data to organize the awards or competitions and manage participation. We may share information on participants with members of our jury, which may consist of both internal and external parties bound by a confidentiality obligation, to evaluate applications and select winners of all award/competition categories.

      3. Based on participants’ consent, we may share their contact details with the partners of the awards or competitions, as listed on the respective websites, for follow-up communication, including marketing. We may ask you for such consent during your registration and/or while interacting with you during the award or competition process.

    3. To ensure security and prevent misuse of our services, to improve our services and products and to develop new offerings:

      1. We may also use the personal data about you, including information about how you use our services, as described above, to enhance user experience, improve and secure our services, prevent misuse of our services and user accounts, and identify and resolve technical issues. You may object to the processing of such usage data for the purposes of improving our services and user experience by contacting us at privacy@idc.com.

      2. In addition to the above, Corporate Administrators at our client organizations have access to certain usage statistics for their organization’s account base. If your user account, including personal data, is part of a corporate account, then a Corporate Administrator at your organization may request your user data containing personal data and certain usage information. Corporate Administrators can access user information only for individuals within their organization’s corporate profile

    4. To communicate with you:

      1. We may process your personal data to communicate with you, for example, when we assist you with setting up or administering your account, provide customer care, resolve your complaints, and send technical notices and other support messages (including changes to applicable terms and conditions and other communication to fulfil our legal and / or contractual obligations). Such communication is not affected by your marketing communication preferences.

      2. IDC may also use your personal data when we ask you for your insights about a specific industry or topic (surveys) or to provide you with updates on industry developments and other value-added services or features provided whether for remuneration or free of charge (such as newsletters, market updates, market snapshots, etc.).

    5. To inform you about IDC’s products and services:

      1. We may contact you about our news, events, services and their features or special offers that we believe may interest you, provided that we have the requisite permission to do so, either on the basis of your consent, or our legitimate interests to provide you with marketing communications where we may do so, within the limits provided by law. You may change your marketing preferences at any time by following the instructions in such communications or by contacting us via the contact details provided in Section 1 of this Privacy Policy.

    6. To comply with legal obligations:

      1. IDC may also process your personal data to comply with applicable legal obligations, for example in connection with billing and taxes.

    7. To secure our services, to prevent fraudulent activities and protect our rights:

      1. We may use the information about you to detect, prevent and address fraud and other illegal activity and to establish, exercise or defend our legal claims and protect our rights.

  4. On What Legal Basis Do We Process, Your Personal Data?

    1. We process, use, and store your data primarily to perform our obligations under the contracts we have concluded with you or your organization.
    2. In certain instances, we may also process your personal data based on our legitimate interests. IDC’s legitimate interests include offering and delivering our B2B products and services to customers, enhancing, improving our products, services and customer base, communication and management of the customer relationships, conducting market research and analysis, exchanging professional knowledge about the industry, exercising and defending our legal rights, preventing fraud, illegal activity or imminent harm, and ensuring the security and operability of our network and services. Where permissible under applicable law, we may also contact you about our products and services based on our legitimate interests.
    3. In specific cases, we process your data based on consent, in accordance with the requirements for consent under applicable privacy laws. For example, we may rely on your consent for direct marketing purposes or taking photos or videos capturing your image, where required.
    4. We may also process your personal data where such processing is necessary to comply with the laws applicable to IDC’s business operations.
  5. For How Long Do We Store Your Data?

    1. We will store your personal data for as long as is necessary to provide you with the products and/or services requested by you or your organization; for as long as is reasonably required to store such information for our legitimate interests, such as exercising our legal rights, or for as long as we are legally obligated to store such information.
    2. If you consent to us collecting, processing, using, and storing your personal data, we will do so for the duration of such consent — in other words, until such consent expires or is withdrawn. You have the right to withdraw your consent at any time. For more details on the withdrawal of your consent, please see Section 8 below.
  6. Data Disclosure and Transfers

    We may disclose your personal data to third parties or affiliates in the following circumstances:

    1. Our affiliates, as listed here, working with us or on our behalf for the purposes described in this Privacy Policy may have access to your personal data.
    2. We may also share your personal data with non-affiliated third parties such as professional advisors or public authorities when necessary:

      • To comply with legal obligations;
      • To enforce or defend the legal rights of IDC in connection with corporate restructuring, such as a merger or business acquisition, or in connection with an insolvency situation;
      • To prevent fraud or imminent harm; and/or
      • To ensure the security and operability of our network and services.
    3. We share your data with our trusted business partners, who process your data as our vendors and data processors on our behalf and pursuant to our instructions (for the purposes of e.g., IT support, hosting, etc.). We strive to select our vendors carefully and ensure they are able to provide adequate data protection and security safeguards.
    4. We may share your personal data with our sister company Foundry so it may help us deliver all or parts of our products or services with you.
    5. IDC can share your personal data with its partners, sponsors or other third parties, in the context of business-to-business services provided by IDC, including events, or to develop or market certain content (e.g., white papers). Where required, we will seek your consent before sharing your personal data with such third parties. Processing of your personal data by such third parties is governed by their respective privacy policies.
    6. Your personal data can be shared through third-party cookies and other related technologies that are used by third parties. Please refer to our Cookie Policy for more information.
    7. As required by the applicable laws, any transfer of your personal data outside the EU, UK or Switzerland only takes place if the requirements of the applicable privacy laws, in particular as laid down in Art. 44 et seq. GDPR, have been fulfilled, e.g., based on the European Commission’s adequacy decision, or the Standard Contractual Clauses, including the UK SCC Addendum, where applicable.
  7. Data Security

    1. We have implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines in accordance with good industry practice while keeping in mind the state of technological development in order to protect your data against accidental loss, destruction, alteration, unauthorized disclosure or access or unlawful destruction. We employ various security measures to protect the information we collect, as appropriate to the type of information, including encryption, firewalls, and access controls. IDC further ensures that all individuals who have access to your data and are involved in the collection, processing, use, and/or storage thereof are bound by appropriate confidentiality obligations and have appropriate training.
    2. You are responsible for keeping confidential any passwords that we give you (or you choose) that enable you to access certain parts of our website. For security reasons, such passwords must not be shared with anyone.
  8. What Are Your Rights?

    1. If you have any questions or concerns about the handling of your personal data, and/or you wish to exercise your data subject rights, please contact us at any time via the contact details provided in Section 1 of this Privacy Policy.
    2. As a data subject, you have the following rights:
      1. The Right to Access: You have a right to request access to the personal data about you that we process, and to receive a copy of that data.
      2. The Right to Receive Information: You may contact us at any time with a request to receive more information regarding the following:
        • the purposes for which we use your personal data;
        • how we categorize your personal data;
        • the recipients of your personal data;
        • the duration for which we store your personal data; and
        • your rights as a data subject.
      3. The Right to Portability: You have the right to receive a copy of your personal data from us in a structured and commonly used machine-readable format. You may also request us to transfer such data to another data controller.
      4. The Right to Erasure: You may request us to erase your personal data from our records. Please note that in some cases we may be legally obliged to retain some of your personal data. We may also retain some of your personal data in order to defend our legal rights, avoid sending you unwanted materials in the future, and to keep a record of your request and our response.
      5. The Right to Rectification: If you discover that any of the data we possess about you is incorrect or incomplete, you may ask us to rectify or supplement your data.
      6. The Right to the Restriction of Use: You have a right to request restriction of our use of your personal data, in particular if you believe that such processing is unlawful, or your data is inaccurate.
      7. The Right to Object: In cases in which we rely on our legitimate interest to use your personal data, we must consider and acknowledge the interests and rights that you have under data protection law. Your privacy rights are always protected by appropriate safeguards and balanced with your freedoms and other rights. You have the right to submit an objection at any time to our use of your personal data based on our legitimate interest, as described above.
      8. The Right to Withdraw Consent: You have the right to withdraw your consent at any time to our use of your personal data. Please note that a withdrawal of your consent does not affect the legality of the use of your personal data prior to your consent being withdrawn.
    3. To exercise any of the above-mentioned rights, please contact us through the contact information provided in Section 1 of this Privacy Policy.
    4. Additionally, you have the right to lodge a complaint with the competent Data Protection Authority if you believe your rights regarding our use of your personal data have been violated.
      1. For all processing of personal data carried out by IDC subject to the GDPR, the competent Data Protection Authority is the Czech Office for the Protection of Personal Data (in Czech: Úřad pro ochranu osobních údajů), with registered office at Pplk. Sochora 27, 170 00 Praha 7, Czech Republic, as the lead Data Protection Authority of IDC.
      2. For all processing of personal data carried out by IDC subject to the UK GDPR, the competent Data Protection Authority is the Information Commissioner's Office, with registered office at Wycliffe House, Water Lane, Wilmslow SK9 5AF, United Kingdom.
      3. For all processing of personal data carried out by IDC subject to the FADP, the competent Data Protection Authority is the Federal Data Protection and Information Commissioner (FDPIC), with registered office at Feldeggweg 1, CH - 3003 Bern, Switzerland.
    5. If you are a Californian consumer, please see our CCPA statement for a complete statement of your rights under the CCPA, including the right to opt-out of the sharing and sale of your personal data.
  9. Links to Other Sites

    1. We may provide references and/or links to other companies, organizations, and/or public institutions on our website that enable you to access their websites directly from ours. The websites of these entities are governed by the entities' own privacy policies. Please note that we are not responsible for the content of such websites and cannot accept responsibility for any issues arising in connection with such third parties' use of your personal data. If you have any queries concerning the way your personal data is processed, used, or stored by such entities, we recommend referring to the privacy policies on the relevant websites.
  10. Children’s Privacy

    1. Our services or content are not directed or intended for use by, children under the age of 16 years. Therefore, we do not knowingly collect personal data from children under the age of 16 years. If we become aware that personal data of a child under 16 has been collected, we will take appropriate steps to delete such data.
  11. Changes to this Privacy Policy

    1. We may periodically modify the provisions of this Privacy Policy and encourage you to review it from time to time in order to stay up to date with the most recent developments in the area of the protection of your personal data. In the event of significant changes, we may also choose to notify you via email should we have your email address in our records.
    2. Updated versions of this Privacy Policy will be published on our website.
    3. This Privacy Policy was last updated on June 11, 2024.

Questions?

For all matters related to privacy and the collection, processing, use and storage of your personal data, please contact IDC’s Privacy Compliance Officer at privacy@idc.com.