Privacy Policy

We Value Your Privacy

IDC (hereinafter as “we” or “IDC”) is committed to conducting its business in line with best personal data protection practices. Personal data refers to any information that identifies you or could be used to identify you. This Privacy Policy provides you with transparent information about how IDC, as a data controller, collects, processes, shares, and otherwise uses your personal data and about your related rights.

Please note that this Privacy Policy includes European Union and European Economic Area (hereinafter together as “EU”) and United Kingdom specific provisions relating to data subjects’ rights and legal bases which only apply to you if the GDPR or the UK GDPR applies to the processing of your personal data, for example, if you attend an IDC event organized in the EU territory. These provisions include Sections: 1.2 – 1.3, 3.2 – 3.3, 4, 6, 7.3 – 7.4 and 8.2 – 8.4.

Specifically, please note that:

  • We do not report usage or user information to any third party (except in connection with third party commissioned research and, in such case, you expressly consent to the disclosure of such information, or as otherwise described in this Privacy Policy);
  • We do not accept any advertisements on our website and therefore have no information reporting requirements to any third party; and/or
  • We do not share your personal data with any third parties, except as described in this Privacy Policy or required by the applicable law.

If you are a Californian resident, please refer to our CCPA statement for further details about your rights.

  1. Who Processes Your Data?
    1. The controller of your personal data is IDC. A full list of IDC affiliates is available here. Each affiliate acts as a data controller with respect to data collected, processed, used, and stored as a part of services and activities conducted by an IDC affiliate. Certain services and activities may be conducted by several IDC affiliates. This Privacy Policy does not apply to processing of your personal data by individual IDC affiliates that have published their own country-specific Privacy Policies available on the relevant IDC affiliates’ websites.

    2. Within the meaning of Article 4 (16) of the GDPR, IDC’s main establishment in the EU is in the Czech Republic.
    3. Where required, IDC has designated a representative in the EU:

      IDC CEMA s.r.o.
      Malé náměstí 459/11
      110 00 Praha 1
      Czech Republic
    4. For all matters related to privacy and the collection, processing, use and storage of your personal data, please contact IDC’s Privacy Compliance Officer at privacy@idc.com.

    For more information about IDC, please refer to here.

  2. What Data Do We Collect, Process, Use, and Store When Providing Our Products and Services?
    1. Depending on the product or/and service involved, IDC may collect various data types for distinct purposes. Below, you will find more information on the data collected, processed, used, and stored related to the products and services IDC provides:
      1. Syndicated Research and Data Products: IDC may use your name and email address, business phone number, information about your organization, your job title, and other information provided by you at the time of registering your user account on the IDC website to deliver the Syndicated Research services and/or Data Products ordered by you or your organization as part of a corporate account. We may also use your contact details to communicate with you when producing reports and other Syndicated Research services and Data Products. In addition, we may log your IP address for security purposes.

        In order to enhance our services and in particular, to improve user experience, prevent misuse of IDC services and user accounts, or to provide feedback and usage statistics to our clients, we may track your usage of our services (such as search history). Corporate administrators (hereinafter as "Corporate Administrators") at our client organizations have access to usage statistics for their organization’s account base. If your user account, including personal data, is part of a corporate account, then a Corporate Administrator at your organization may request your user data containing personal data and usage information. Corporate Administrators can access user information only for individuals within their organization’s corporate profile.

      2. Custom Solution Services: IDC may use your name and email address, business phone number, information about your organization, your job title, and other information shared by you or your organization, if required due to the nature of the Custom Solution project, to provide Custom Solution Services (e.g. consulting and advisory services) ordered by you or your organization.

      3. Events Organization: When organizing conferences, webcasts, networking events, and other events, we may collect the name, email address, job title, company, and business phone number of each participant during the registration process. Alternatively, event participants may be asked to register through the idc.com general registration form as described in Section 2.1(a) above. In addition, we may collect details pertaining to professional profiles, including photos and information from social media profiles, as well as the names and email addresses of contacts from event partners (including sponsors). We may also collect any feedback or information that participants, speakers, and/or partners have volunteered to provide to us via questionnaires submitted prior to, during or after events. We will use such data to organize and market such events, manage event participation, and present details about speakers and sponsors in the programs and/or promotional materials of such events, as well as on our website and via social media. We may share information on participants and speakers other than their contact details with our event partners, as listed on the event website, to prepare, improve, and organize the event, including the collection and review of event statistics, and to ensure that the event's content is relevant to and customized for the event audience.

        Some public IDC events may be recorded by means of photographs, audio recordings, and/or videos. Such photographs and recordings may subsequently appear on the respective event website, other relevant website, on social media, in the press, or in promotional materials (such as IDC promotional videos or program guides). All events to be thus documented will be clearly indicated as such. IDC may separately seek your consent prior to recording if you are to feature predominantly in the planned recording (e.g. speakers and participants in interviews).

        Based on participants' and speakers’ consent, we may share their contact details with our event partners, as listed on the event website, for follow-up communication, including marketing. We may ask you for such consent during your event registration and/or during the course of the event. The consent you grant to IDC to share your contact details with event partners is unrelated to any consent that you may grant directly to any event partner during event networking, including by allowing an event partner to scan your electronic business card.

        In addition, we may collaborate with our sister company, Foundry, to produce events. If that is the case, your personal data may also be collected and processed by Foundry as an independent controller in accordance with Foundry’s privacy policy.

        If you request us to arrange additional event-related services for you, such as booking accommodation and/or flight tickets, we will also use your personal data to secure the requested arrangements.

        Networking tools at events: IDC may provide specific tools during the event to enhance your networking opportunities — in particular, a networking application and electronic business cards, as described below.

        Mobile application: An event mobile app may include your name, company, and job title (along with your photo, profile, and social media information, as provided by you) and may be visible to all other event participants. Opting for "private mode” will ensure that your name and contact details do not appear in the application.

        Electronic business cards: We may provide you with electronic business cards. These are incorporated, for instance, in your event badge and contain your name, email address, business phone number, job title, and company. You may provide such contact details to event partners by allowing them to scan your electronic business card. By allowing an event partner to scan your electronic business card, you provide your consent to this event partner to use your contact details, as included in the electronic business card, for any follow-up communication, including marketing communication on a one-time basis. Please refer to the Privacy Policy of the relevant event partner for more details about the processing of your personal data by the given event partner and your rights vis-à-vis this event partner.

      4. Awards and Competitions: When organizing awards or competitions, we may collect the name, email address, job title, company, and other details provided by each participant in the application form. Alternatively, such details may also be obtained from third parties who nominate the respective participant via a specific nomination form, in which case the nominating person has informed the participant and obtained necessary permissions to share the participant’s personal data with IDC.

        We will use such data to organize the awards or competitions and manage participation. We may share information on participants with members of our jury, which may consist of both internal and external parties bound by a confidentiality obligation, to evaluate applications and select winners of all award/competition categories.

        Based on participants’ consent, we may share their contact details with the partners of the awards or competitions, as listed on the respective websites, for follow-up communication, including marketing. We may ask you for such consent during your registration and/or while interacting with you during the award or competition process.

      5. Ancillary Services: To provide services related to updates on industry developments, IDC may use your name and email address to deliver these updates to you or your organization. Such services may include newsletters, market updates, market snapshots, and other value-added services or features provided by IDC, whether for remuneration or free of charge.

        Irrespective of whether IDC provides its services to you or your organization, we may also process your name and email address and personal data that you provide to us when we ask for your insight in relation to a specific industry or topic (e.g. when you fill out a survey form that we sent to you).

    2. In addition, regardless of the product and/or service involved, IDC may also process your name and email address, business phone number, information about your organization, and your job title for the purpose of management of business relationship with you or your organization.

    3. IDC does not process any special categories of personal data (as defined under the GDPR and the UK GDPR).

  3. For How Long Do We Store Your Data?
    1. We will store your personal data for as long as is necessary to provide you with the products and/or services requested by you or your organization; for as long as is reasonably required to store such information for our lawful business purposes, such as exercising our legal rights, or for as long as we are legally obligated to store such information.
    2. We will store photographs and video and audio recordings from each event for a period of 3 years from the end of the respective event.
    3. If you consent to us collecting, processing, using, and storing your personal data, we will do so for the duration of such consent — in other words, until such consent expires or is withdrawn. You have the right to withdraw your consent at any time. For more details on the withdrawal of your consent, please see the Your Rights section below.
  4. On What Legal Basis Do We Process, Use, and Store Your Data?
    1. We process, use, and store your data primarily to perform our obligations under the contracts we have concluded with you or your organization.
    2. In certain instances, we may also process your personal data based on our legitimate interests. IDC’s legitimate interests include offering and delivering our products and services to business customers, enhancing our customer base, management of the customer relationships, exchanging professional knowledge about the industry, exercising our legal rights, preventing fraud or imminent harm, and ensuring the security and operability of our network and services.
    3. In specific cases, we process your data based on consent.
  5. Cookies; web analytics

    We may use cookies and other tools allowing us to track and/or analyze user behavior on our websites. For more information about our use of such tools, please refer to the IDC Cookie Policy.

  6. Marketing
    1. We may contact you to inform you about IDC news, services, features, and special offers and to invite you to our events that we believe may be of interest to you, including the provision of marketing communication within the limits prescribed by law. Where required, we will request your consent prior to sending any such communication.
    2. Your marketing communication preferences may be changed at any time. If you would like to unsubscribe from receiving marketing emails, please follow the "unsubscribe" link and/or instructions which are placed at the foot of every IDC email.
    3. Please note, however, that we may occasionally send you important information (including via email) about the IDC services you are using or have used, including changes to applicable terms and conditions, and/or other communication or notifications, as may be required to fulfil our legal and contractual obligations. Such communication is not affected by your marketing communication preferences.
  7. How Do We Secure Your Data When It Is Collected, Processed, Used, and Stored by Our Suppliers and Affiliates?
    1. Our affiliates, as listed here, working with us or on our behalf for the purposes described in this Privacy Policy may have access to your personal data. We may also share your personal data with non-affiliated third parties as and when necessary:

      • To comply with legal processes;
      • To enforce or defend the legal rights of IDC in connection with corporate restructuring, such as a merger or business acquisition, or in connection with an insolvency situation;
      • To prevent fraud or imminent harm; and/or
      • To ensure the security and operability of our network and services.
    2. We share your data with our trusted business partners, who process your data as our vendors and data processors on our behalf and pursuant to our instructions. We strive to select our vendors carefully and ensure they are able to provide adequate data protection and security safeguards.
    3. When such processors reside in the EU (or the UK), we comply with Article 28 of the GDPR (or the UK GDPR, as applicable). If such processors reside outside of the European Economic Area or the United Kingdom, all data transfers are conducted in accordance with Chapter V. of GDPR (or the UK GDPR, as applicable) — in particular, in accordance with adequacy decisions issued by the European Commission or standard contractual clauses (Model Clauses), as applicable.
    4. In relation to the above, we may share your data with the following third parties:
      • Suppliers that provide IT support to IDC;
      • Suppliers that support our marketing activities;
      • Other professional services providers.
  8. What Are Your Rights?
    1. If you have any questions or concerns about our website and/or the handling of your personal data, and/or you wish to correct, amend, or delete that information where you believe that it is inaccurate, please contact us at any time via the contact details provided in the Section 1 of this Privacy Policy.
    2. As a data subject under GDPR or UK GDPR, you have the following rights:
      1. The Right to Access: Upon your request, we will provide you with access to the personal data on you that we process, and we will send you a copy of that data.
      2. The Right to Receive Information: You may contact us at any time with a request to receive more information regarding the following:
        • the purposes for which we use your personal data;
        • how we categorize your personal data;
        • the recipients of your personal data;
        • the length of time we store your personal data; and
        • your rights as a data subject.
      3. The Right to Portability: You have the right to receive a copy of your personal data from us in a structured and commonly used machine-readable format. You may also request us to transfer such data to another data controller.
      4. The Right to Erasure: You may request us to erase your personal data from our records.
      5. The Right to Rectification: If you discover that any of the data we possess about you is incorrect or incomplete, you can request to have such data amended via the contact information provided in Section 1 of this Privacy Policy.
      6. The Right to the Restriction of Use: You may ask us to restrict our use of your personal data so that we can only use your personal data in ways stipulated by you. If you have obtained the right to restrict the use of your personal data, you will be informed beforehand should this right become invalid for any reason.
      7. The Right to Object: In cases in which we rely on our legitimate interest to use your personal data, we must consider and acknowledge the interests and rights that you have under data protection law. Your privacy rights are always protected by appropriate safeguards and balanced with your freedoms and other rights. You have the right to submit an objection at any time to our use of your personal data based on our legitimate interest.
      8. The Right to Withdraw Consent: You have the right to withdraw your consent at any time to our use of your personal data. Please note that a withdrawal of your consent does not affect the legality of the use of your personal data prior to your consent being withdrawn.
    3. To exercise any of the above-mentioned rights, please contact us through the contact information provided in Section 1 of this Privacy Policy.
    4. Additionally, you have the right to lodge a complaint with the competent Data Protection Authority if you believe your rights regarding our use of your personal data have been violated.
      1. For all processing of personal data carried out by IDC subject to the GDPR, the competent Data Protection Authority is the Czech Office for the Protection of Personal Data (in Czech: Úřad pro ochranu osobních údajů), with registered office at Pplk. Sochora 27, 170 00 Praha 7, Czech Republic, as the lead Data Protection Authority of IDC.
      2. For all processing of personal data carried out by IDC subject to the UK GDPR, the competent Data Protection Authority is the Information Commissioner's Office, with registered office at Wycliffe House, Water Lane, Wilmslow SK9 5AF, United Kingdom.
  9. Data Security
    1. IDC strives to ensure its security measures are in line with the industry’s best practices to prevent the loss, misuse, or alteration of the information in our possession. We strive to ensure the ongoing confidentiality, integrity, availability, and resilience of our processing systems and services and will aim to restore the availability of personal data and access thereto in a timely manner in the event of a physical or technical incident. We employ various security measures to protect the information we collect, as appropriate to the type of information, including encryption, firewalls, and access controls. IDC further ensures that all individuals who have access to your data and are involved in the collection, processing, use, and/or storage thereof are bound by appropriate confidentiality obligations and have appropriate training.
    2. You are responsible for keeping confidential any passwords that we give you (or you choose) that enable you to access certain parts of our website. For security reasons, such passwords must not be shared with anyone.
  10. Links to Other Sites
    1. We may provide references and/or links to other companies, organizations, and/or public institutions on our website that enable you to access their websites directly from ours. The websites of these entities are governed by the entities' own privacy policies. Please note that we are not responsible for the content of such websites and cannot accept responsibility for any issues arising in connection with such third parties' use of your personal data. If you have any queries concerning the way your personal data is processed, used, or stored by such entities, we recommend referring to the privacy policies on the relevant websites.
  11. Changes to this Privacy Policy
    1. We may periodically modify the provisions of this Privacy Policy and encourage you to review it from time to time in order to stay up to date with the most recent developments in the area of the protection of your personal data. In the event of significant changes, we may also choose to notify you via email should we have your email address in our records.
    2. Updated versions of this Privacy Policy will be published on our website.
    3. This Privacy Policy was last updated on April 3, 2023.
  12. Questions?
    For all matters related to privacy and the collection, processing, use and storage of your personal data, please contact IDC’s Privacy Compliance Officer at privacy@idc.com.