This Privacy Notice (“Notice”) describes how ICR, LLC, its affiliates and subsidiaries (“ICR”, “we”, “us”, “our”) collect, use, disclose, secure, and eventually dispose of (collectively “process”) your personal information. Personal information is any information that does, or could, identify you.
This Notice applies to personal information collected on our websites (for example, icrinc.com, icrconference.com, and westwicke.com) and otherwise in the course of our business activities, both online and offline. This Notice does not, however, apply to the personal information of ICR employees or applicants for employment at ICR.
Our websites may contain links to external sites. This Notice does not cover those sites.
In this Notice, “you” refers to anyone about whom we process personal information. You will usually be a business contact of ICR, for example a partner, customer, or prospect, including an attendee at the ICR Conference or a visitor to our websites.
ICR is the “controller” or “business” in relation to the personal information covered by this Notice. We sometimes process personal information on behalf of our customers. In these cases, we are a “processor” or “service provider” and this Notice does not apply to the processing.
2. Changes to this Notice
We will update this Notice from time to time and will communicate material changes to you through an appropriate channel (for example, via a notice on our websites). The Notice was last updated on December 10th, 2021.
3. Personal information we collect
3.1 Categories Collected
We collect the following categories of personal information:
• Identifiers such as your name, e-mail address, and IP address.
• Additional personal information defined in California 1798.80(e): telephone number, payment card number.
• Professional and employment-related information, such as your job title and professional biography.
• Internet activity information, such as your interaction with our websites.
• Location data, limited to following which sessions you attend at in-person ICR events, for example the ICR Conference.
3.2 Categories of sources
We collect the categories of personal information listed above from the following categories of sources:
• Directly from you, for example when you complete a “How can we help?” or registration form on our websites.
• From third parties, for example if we purchase an e-mail list from a data vendor or information service provider.
• From observing your activity, for example via cookies and other standard online technologies on our websites.
3.3 Items of personal information collected
When we collect personal information directly from you, you will know the details of that information. It may include your:
- Company and job title.
- Business contact information: name, work address, telephone number, and e-mail.
- Additional conference attendee information, for example: professional biography, headshot photo, dietary restrictions, and your feedback on conference sessions. We do not access messages that you send and receive using the conference app.
- Payment card details.
The personal information we collect from third parties is limited to business contact information, usually your name and e-mail.
We collect personal information from observing your activity:
- At our events, both in-person and virtual, we use technology to follow which sessions you attend.
4. How we use your personal information
ICR will never sell your personal information.
We may use your personal information for the following purposes:
- To respond to your requests or questions, for example when, on our websites, you sign up for ICR content or ask for more information about our services.
- To provide and administer our services, for example to communicate with you, provide support, manage your attendance at an ICR Conference, or invoice you for the services.
- To send you marketing communications for ICR services, events, or content that we think may interest you (see Section 9.1 for information about opting out of such messages).
- To help us improve our website and conference user experiences, for example by identifying which parts of the experiences you find interesting and useful.
Lawfulness of processing
The European Union (EU) General Data Protection Regulation (GDPR) requires that we provide EU individuals with our legal bases for processing their personal data. A similar requirement applies in some other jurisdictions, notably the United Kingdom and China. Our legal bases depend on the purpose of processing:
|Purpose of processing||Legal bases|
|To respond to your requests or questions||Depending on the nature of the request or question, either (i) your consent or (ii) in order to take steps at your request prior to entering into a contract.|
|To provide and administer our services||To perform a contract to which you are an interested party.|
|To send you marketing communications||Depending on the context of the communication, either (i) your consent or (ii) our legitimate interests in marketing our services.|
|To help us improve our user experiences||Our legitimate interests in improving our services and online media.|
Your personal information may be disclosed to the following categories of recipients:
- Employees and contractors of ICR: These personnel have roles that require access to your information (a “need to know”). They are bound by employment terms that cover their obligation to keep personal information confidential and secure.
- Service providers (“processors”): We use service providers to assist us with certain tasks, for example manage our Conference, host our webinars, and provide our CRM platform. Service providers process your data on our behalf and according to our instructions. They are contractually bound to protect your data and are prohibited from using it for their own purposes. We have in the preceding 12 months disclosed all the categories of personal information listed in Section 3.1 above to service providers.
- Event partners: We share information we collect about you in connection with a conference or other event we organize with our partners, for example the event sponsors, exhibitors, and presenters.
We will also disclose your personal information in the following exceptional circumstances:
- Legal necessity: We will disclose your information to government agencies, law enforcement, courts, and other authorities and parties if required to by applicable law.
- Corporate event: Your data may be transferred to third parties as a result of a merger, acquisition, or similar corporate event involving ICR.
6. Processing of payment card data
When you use a payment card to purchase a service from ICR, your payment card data is processed according to the Payment Card Industry Data Security Standard (PCI DSS).
We will retain your personal information as long as necessary to fulfil the purposes for which it was collected, and to satisfy legal, accounting, and reporting obligations, or to resolve disputes.
Section 9 of this Notice below describes your rights to request deletion of your data outside of our normal data retention schedule.
ICR is based in the United States. Personal information you provide to ICR is processed and stored on our systems in the US, where privacy laws may be different from those of your own country. If you reside in the EU, European Economic Area, or UK, note that the European Commission has not issued an “adequacy decision” for the US. As described in this Notice, we strive to protect your data and your rights regardless of international transfer. Transfers may be protected with other appropriate safeguards.
9. Your Rights
US and international laws give you various rights over your personal information. These may include the right to:
- Access personal information held about you
- Correct inaccurate or out-of-date personal information
- Request deletion of your personal information
- Restrict processing of your personal information
- Object to processing for which the legal basis is our legitimate interests
When our processing of your information is based on your consent, you may withdraw that consent at any time.
Notice of withdrawal of consent and other requests to exercise privacy rights should be addressed to us using the e-mail address provided in Section 10 below. Note that if we determine that your rights request relates to personal information for which ICR acts as a processor/service provider, we will assist you to direct your request to the controller/business.
If you believe that we have infringed your privacy rights, please contact us so that we can try to resolve the issue. However, if you are an EU/EEA/UK resident, you have the right to lodge a complaint with your EU/ EEA local supervisory authority or, in the UK, with the ICO.
You can opt out of our marketing communications at any time using the “unsubscribe” mechanism available in the message.
Please note that, if you are a user of ICR services, you may still receive service communications even after you have opted out of marketing communications. “Service” communications contain essential information about, or as a part of, the service for which you are a current customer.
10. Contact Us