Privacy Policy
This is the Privacy Policy of Imerale SAS and is applicable to the use of Imerale’s Services that are made available as part of the services you are using. As used in this Privacy Policy, (“Imerale” or "our") refers to the company Imerale SAS, registered in France with the Chamber of Commerce registration number 952739183 and with registered office at 231 Rue Saint Honoré, 75001 Paris, its owners, directors, investors, employees. This Policy applies to all personal information processed by Imerale, including on our websites, Dashboard Service, Passport Service, and any other online or offline offerings. To make this Privacy Policy easier to read, our websites, applications, and other offerings are collectively called the (“Imerale Services”).
We collect this information when you visit our website or web application with your computer, tablet, phone, or smartwatch ("Computer"). We process personal data in a manner that is in accordance with the EU General Data Protection Regulation (“GDPR”), the GDPR-based legislation and the French Data Protection Act (“DPA”). By accessing or using our Services, you agree to us collecting, storing, and processing your information in accordance with this Policy. This Policy may change from time to time, and your continued use of the Services after we make those changes is deemed to be acceptance of those changes.
This Imerale Privacy Policy (“PrivacyPolicy”) is also applicable to the processing of your personal data as part of the Imerale Services that are made available and distributed through the service you are using. In different instances, Imerale may be the Data Controller or a Data Processor of the data it processes under the Imerale Services. By having an account and using our services, you agree to be bound by this Policy and if applicable, the Imerale Website Terms & Conditions (“Website Terms”) and/or the Imerale Dashboard Terms & Conditions (“Dashboard Terms”) and/or the Imerale Passport Terms and Conditions (“Passport Terms”). By accessing and using our Services, you agree to comply with and be bound by these Terms. If you do not agree with these Terms, do not access our websites, use our service, or access the Imerale Website, Dashboard or Passport.
This Privacy Policy outlines how we process personal data, commit to protecting your information, and provide the framework through which effective management of data protection matters can be achieved while providing our Services. This Privacy Policy does not cover how Imerale Clients as Data Controllers may treat Users' personal data. Imerale Clients provide this information in their privacy statements which are not subject to Imerale’s control.
1. Defintions
“Dashboard” means the online tool provided by Imerale through its web application, which allows Users to access and display specific information, data or content related to their account or use of Imerale’s Services and may include various features and functionalities for User interaction and customisation. The Dashboard may provide real-time or aggregated data, analytics or other relevant information for the User’s convenience and use in accordance with the Dashboard Terms.
“Data Controller” means an individual or organisation that determines the purposes and means of processing personal data. The Data Controller is responsible for making decisions about how and why personal data is processed, and they are ultimately accountable for ensuring that the processing of this data complies with GDPR requirements.
“Data Processor” means an individual or entity that processes personal data on behalf of a Data Controller. The Data Processor carries out data processing activities as instructed by the Data Controller and is responsible for handling the personal data in accordance with the Data Controller's instructions and the requirements of data protection laws.
“Imerale Client” means the legal entity that has a contractual relationship with Imerale for the provision of Imerale Services.
“Imerale Services” means the services delivered by Imerale:
- Imerale website.
- To offer a platform for B2B customer risk management.
- A case management and customer monitoring platform.
- To connect to the relevant APIs to provide for verification purposes of Know-your-Customer (“KYC”) and related parties adverse media, PEP and sanctions screening.
- As a platform for customers’ data retrieval through a questionnaire.
- As may be distributed and made available through Imerale Services.
“Passport” means the online tool provided by Imerale through its web application, which allows users to access and display specific information, data or content related to their account or use of Imerale’s Services and may include various features and functionalities for user interaction and customisation. The Passport serves as an identification platform for the Users to submit data to their Service Provider who are Imerale Clients. The Passport is to be used in accordance with the Passport Terms.
“Service Provider” means an entity or organisation that offers services or performs specific tasks for another individual, business, or entity. These services can encompass a wide range of activities and can be provided in various industries. Service providers are typically contracted to deliver a particular service or set of services, and they may operate on a one-time or ongoing basis. A Service Provider may have access to or process data on behalf of the Data Controller. These service providers may have access to User data for the purpose of providing their services, and their roles and responsibilities are typically defined in data processing agreements or contracts to ensure data protection and compliance with privacy regulations.
“Users” or “You” means all natural persons and all legal persons who visit the Imerale Services, log in to the Dashboard or Passport, and/or use, share and/or input information on the Imerale Website, Dashboard or Passport.
2. What personal data do we collect?
What is personal data?
Personal data is any information relating to an identified or identifiable person, also known as a “Data Subject”. An identifiable person is someone who can be directly or indirectly identified by reference to one or more factors specific to their physical, physiological, genetic, economic, cultural or social identity (such as a name, an identification number, email, address or an online identifier).
Information you provide
We collect the following information provided to us either directly or indirectly by interacting with the Services or by corresponding with Imerale by phone, email or otherwise. Examples of personal data include:
- By which you may be personally identified, such as any identifier by which you may be contacted online or offline ("personal information").
- That is about you but individually does not identify you.
- About your internet connection, the equipment you use to access our Websites or Services, and usage details about the Websites and Services.
- Contact details: Name and email address connected to the Account.
- Profile information that is used for the User.
- Personal information required to identify and verify the information provided to Imerale.
- General personal data including but not limited to full name, personal identification code or number, date of birth, legal capacity, nationality and citizenship, location (street, city, country, and postcode).
- Identity document data including but not limited to Document type, issuing country, number, expiry date, MRZ, information embedded into document barcodes (may vary depending on the document), security features.
- User Content (e.g. text, validations, or other materials) that is provided to the Service.
- Communications between you and Imerale (e.g., we may send Service-related emails).
We collect information in the following ways:
- Directly from you when you provide it to us through the Imerale Services.
- Automatically as you navigate through the Imerale Services. Information collected automatically may include usage details, IP addresses, and information collected through cookies or other tracking technologies.
- From third parties, for example, our Service Providers.
- From the Data Controller (Imerale Client) who engages our services.
Information from other sources
We may receive information from other sources, such as company registries, government databases, third-party platforms and forums, social media and public information, contacts, and business partners. Examples of the type of information we may receive from other sources are:
a. Personal information, such as your name, date of birth, personal and professional mailing address, email and phone number, and professional and educational history:
i. Profile information, comments, and similar information provided to or on social or professional networks and other forums that connect to Imerale.
ii. Interests, demographic data, and purchasing behaviour.
b. Information collected from you offline or through other channels. For example:
i. Information you provide when attending a conference, event, or other in-person function.
ii. Information you provide over the phone.
Log file information
We collect information that your browser sends whenever you visit the Imerale Services. This log file information may include information such as your computer's Internet Protocol address, browser type, browser version, your login information, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, location data, and other statistics.
We use tools to improve the User experience and to personalise your Imerale Services experience. Therefore, Imerale performs statistical analyses about the way you use Imerale Service such as information on how you navigate, how much time you spend, how long you visit, and from where you came to our service.
We use well-known advertising platforms such as Google or LinkedIn in promoting our Imerale Website:
- If you click through such an advert and start using the Imerale website, an automated process will confirm to the advertising platform that you have gone to the Imerale website.
- If you don’t use these platforms Imerale will not collect or process this data.
Any data you share on social media platforms will be accessible by them as described in their terms of service.
We use tools to improve the user experience of our website. Therefore, Imerale performs statistical analyses about the way you use the services of Imerale such as information on how you navigate, how much time you spend, how long you visit, and from where you came to our service.
Metadata
Metadata is usually technical data that is associated with User Content. For instance, metadata can describe how, when and by whom a piece of User Content was collected and how that content is formatted.
Purposes of processing data
Imerale adheres to the principles of personal data protection as described in the EU GDPR and the French DPA. In accordance with these principles, Imerale, when acting as Data Controller, or acting as a Data Processor on behalf of Imerale Clients as the Data Controller, is ensuring that the User’s personal data:
- Processed fairly and lawfully and in a transparent manner in relation to the Data Subject.
- Processed for specified, explicit, and legitimate purposes only and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
- Kept accurate and up to date.
- Retained in a form permitting identification of Data Subjects for no longer than is necessary for the purposes for which they are processed.
- Processed in a manner that ensures their appropriate security.
- Not transferred outside the European Economic Area (EEA) without adequate protection.
By using our Service, you leave certain information with us, for example by having an account, registering to be part of our newsletter, or completing a contact form. This may include data such as name and email address. Imerale collects and processes this data to make our services accessible. We also collect information about your computer (such as IP address, browser type and operating system) so that we can improve our services. The personal data will not be provided to third parties unless we are obliged to do so on the basis of legislation and regulations. Some of the information we collect may, when combined with other information, be personal information that could be used to identify you. Such information is treated as personal information.
There are three situations in which Imerale processes personal data in the course of the Imerale Services:
- Imerale may process personal data as a Data Controller in the provision of our Dashboard Services to the Imerale Clients and its employees.
- Imerale may process personal data as a Data Controller in our Website Services to Users.
- Imerale may process personal data as a Data Processor in the course of service provision to Imerale Clients according to their instructions and on the basis of the contractual agreement concluded between Imerale and its Clients.
In the event of the third situation defined above, the Imerale Client is the Data Controller who determines the purpose of data processing, exercises control over the User’s personal data, and stipulates the retention period of the User’s data according to its purposes. Imerale is a Data Processor that conducts only those data processing activities that the Imerale Client requests. Imerale grants the Imerale Client use of the Dashboard and Passport services for B2B customer onboarding and monitoring processes for the Client as part of Imerale Services. These Services are made available to Users by the Imerale Client who is the Data Controller of the personal data processed by Imerale.
Legal basis for processing data
There are several bases on which Imerale can process personal data. These are: the execution of an agreement, legitimate interest, based on a legal obligation or on the basis of your consent. We process your personal data to the extent necessary to achieve the purpose for which we collect the personal data.
You are responsible for ensuring the accuracy of personal information you provide to us. Inaccurate information may affect your ability to use the Services, including your licence, the information you receive when using the Services, and our ability to contact you.
When Imerale is engaged by its Clients to perform B2B customer onboarding activities in respect of their Users, the processing of personal data is covered by the legal grounds included in the agreement between Imerale and the Imerale Client. The grounds Imerale Client processes personal data is stated in their respective Privacy Policy.
In line with Article 6 of the EU GDPR, in our capacity as Data Controllers, Imerale relies on an appropriate legal ground when processing personal data. We rely on the following grounds for processing personal data:
- Article 6(1)(c) of the GDPR: [personal data] processing is necessary for compliance with a legal obligation to which the controller is subject.
- Article 6(1)(e) of the GDPR: [personal data] processing is necessary for the performance of a task carried out in the public interest.
- Article 6 (1)(a) of the GDPR: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Article 6(1)(f) of the GDPR – legitimate interest: Our legitimate interest arises from the strict necessity of internal analysis and ongoing development and improvement of Imerale’s services that our Clients use to detect fraud and illicit activities to prevent money laundering, terrorist financing, fraud, and other activities, which are considered a matter of substantial public interest. In this case, we use legitimate interest if the Client grants us permission to process data provided that our purposes are compatible with those initial purposes for which the personal data has been collected. Such purposes are compatible due to the obligations or interests of our Client regarding the performing of due diligence, the combat of fraud and detection of any illegal actions.
We may process your sensitive data if the Client has a reasonable legal ground for such processing.
3. How do we use this information?
We use, store, and process the information we collect to provide and improve the Services, to support our business functions, and to personalise, provide, measure and improve our advertising and marketing.
We use all the information we have to help us provide and support our Imerale Services. Here is how we may use this information:
- To present our Websites and their contents to you.
- To provide you with information, products, or services that you request from us such as demo requests and contact formula.
- For customer service and customer support purposes.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection activities.
- To facilitate payment or delivery of services requested.
- To provide you with support and respond to your inquiries, such as to investigate and address your concerns, and monitor and improve our responses.
- To manage your account and provide you with notices regarding the Services, including expiration and renewal notices.
- To provide, personalise, measure, and improve your experience with our Websites and to deliver content and product and service offerings based on your advertising customization preferences.
- To send you information about Imerale products, services, and promotions.
- To administer promotional activities, such as surveys, sweepstakes, contests, and referrals.
- To help maintain and improve the safety, security, and integrity of our Websites and Services.
- For testing, research, analysis, and product development, such as to develop and improve our Websites, Services, databases, other technology assets, and other offerings.
- To support our general business operations.
- To notify you about changes to our Websites or Services.
- As described to you when collecting your personal information.
- To fulfil any other purpose for which you provide it.
- For any other purpose with your consent.
- For any other lawful purpose.
- Remember information so you will not have to re-enter it during your visit or the next time you visit the Service.
- Provide, improve, test, and monitor the effectiveness of our Service.
- To help you efficiently access your information after you sign in.
- Monitor metrics such as total number of visitors, traffic, and demographic patterns.
- Diagnose or fix technology problems.
- Develop and test new products and features.
- KPI Insights and Customer Segmentation.
- KRI insights.
- Risk scoring and analytics.
- Intelligence and machine learning.
Imerale does not process personal data of children under 16 years of age, understood as individuals under the age of majority under the national laws of the Client’s country of incorporation. Only when the Imerale Client ensures that the person with parental responsibility for the child has consented to such processing. Otherwise, if a child’s personal data is accidentally submitted to Imerale, it will be deleted without undue delay.
Contractual performance
Imerale may process data as a Data Controller or as a Data Processor and process your data for the Imerale Client. We process personal data for the performance of the Agreements, including indicated services, obligations arising from the Agreement, and related rights, as well as for the execution of rights and fulfilment of obligations deriving from legal acts and processing Users' requests.
Imerale collects and further processes Users' data for the Client. Once personal data is no longer necessary for the relevant purpose, Imerale erases it from its servers within a reasonable timeframe upon the Client's written instruction without leaving any backup copies after transferring it to the Client.
Imerale can only perform these services if Imerale can process your personal data for this purpose. We process your personal data on this basis for the following purposes:
- Imerale website.
- To offer a platform for B2B customer risk management.
- A case management and customer monitoring platform.
- To connect to the relevant APIs to provide for verification purposes of Know-your-Customer (“KYC”) and related parties adverse media, PEP and sanctions screening.
- As a platform for customers’ data retrieval through a questionnaire.
- As may be distributed and made available through Imerale Services.
Legitimate interest
Imerale uses your personal data on the basis of our legitimate interest in the performance of our contract to enable us to:
- Create a persona about you, so:
i. Imerale can give you relevant insights on your onboarding statistics and insights.
ii. Imerale can deliver the benefit of the Imerale Services.
iii. Imerale can build better personas.
- To train data models and data science services.
- Provide you with updates on Imerale and the Imerale Services.
- Improve your experience of our Imerale Services and assess the use of the Imerale Services.
- Enrich our database so we can build better Imerale Services.
- Service improvement and optimisation of our Imerale Services and other services of Imerale.
- Make a secure connection between your device and the Imerale Services.
- Take action if Imerale needs to defend our rights under our Terms and Conditions if you misbehave or act in deviation of laws or regulations or the Terms and Conditions.
- We sometimes may be obliged to process or retain all or part of personal data for the establishment, exercise, or defence of legal claims.
- Track and examine the use of the Imerale Services and the website to prepare reports on its activities, analyse that data and use it for Imerale’ business purposes.
- Attract new Imerale Partners and Clients.
- Perform research and trend analysis.
- To (re)use personal information Imerale has collected to identify you and to verify your identity to validate the data Imerale holds about you and enrich your data (this excludes ID copies).
We process some personal data while adhering to the principles of personal data handling, namely lawfulness and accountability, by obtaining the legal basis for processing specific personal data concerning Users. Obtaining and maintaining records that we have obtained on such a legal basis is essential to prove that we comply and adhere to our legal obligations outside and in the European Union.
Imerale could use your personal data and can continue to use your personal data after you have stopped using the Imerale Services, in anonymised and aggregated form amongst others:
- To enrich content statistics and infographics.
- To develop and deliver additional or ancillary services (such as data insights or market analysis).
- For social media posts.
- For campaigns.
- For analytical research.
- To train data models and data science services.
- For other commercial or business purposes.
- To enrich our database so we can build better Imerale Services.
- Service improvement and optimization of our Imerale Services and other services of Imerale.
This will never contain data or insights or information that can be tracked down to you personally. Imerale will always use the minimum data required and will process to the minimum extent required. This data will be anonymised in a manner which is not reversible.
Data processing activities
Imerale provides multiple types of automated processing, including, but not limited to, collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination (if so legally binding), or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data validation
These data validation checks enable Clients to verify data against databases of third-party data providers and detect whether the User is involved in illicit activities, money laundering or terrorism financing. The data providers we may use depend on the Client’s needs and the User’s location and may include ID registers, proof of address checks, the Social Security Administration and other government or commercial sources and databases, consumer credit agencies, Politically Exposed Persons (PEPs) PEP lists, global and country-specific sanctions list, watchlists and adverse media sources.
Business verification
This requires us to verify the existence, details, ownership, and control structure (e.g., ultimate beneficial owner(s)) of a legal entity through analysis of corporate documents and review of corporate registries, where available.
Automated decision-making relief and checks
We conduct identity verification checks on behalf of the Client, however, we do not make any final decisions in relation to your acceptance or denial of services by the Imerale Client. Our role is to provide the Client with automated risk assessments based on the Client’s own risk appetite containing information about the identity verification process and results with the reasoning behind them reflecting the level of risk if any. The final decision on User onboarding is made on the Client’s side when the result of the processing performed by Imerale is transmitted to the respective Client.
The checks conducted by are either automated, semi-automated, or done manually. When we carry out processing activities, we implement a complicated verification system. A person will be involved if the system cannot reach an outcome on its own or recheck the system’s outcome. Such may occur when the data is uncertain, or the system faces some other difficulty in analysing information during the verification session. Thus, we contribute to ensuring that the verification process is fair and safe for Users.
Account Setup and Management
We process your personal information, such as your name, email address, and contact details, for the purpose of setting up and managing your account. This enables you to access and use our risk management services in a secure way effectively.
Usage Data
We collect and process usage data, such as login times, pages visited, and feature interactions, to understand how you use our Services. This information helps us improve the performance, functionality, and User experience of our platform.
Communication
We may process your contact information to communicate with you about important updates, service notifications, and to respond to your inquiries or requests for support.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our platform. These technologies help us understand User behaviour, improve our services, and deliver a more personalised experience.
Third-Party Data Sharing
In certain cases, we may share your data with third-party service providers, such as data analytics firms, to enhance our risk assessment capabilities. These third parties are bound by contractual agreements to maintain the confidentiality and security of your data.
Legal Compliance
We may process your data to comply with legal obligations, including regulatory requirements and requests from law enforcement authorities.
4. Your Rights
These terms of rights are only applicable in situations where Imerale acts as a Data Controller in respect of the Imerale Services. The applicable situations are:
- The use of Imerale Website
- The use of Imerale Dashboard platform
Change of control
If we sell or otherwise transfer part or the whole of Imerale or our assets to another organisation (e.g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, liquidation), your information such as name and email address, User Content and any other information collected through the Service may be among the items sold or transferred. You will continue to own your User Content. The buyer or transferee will have to honour the commitments we have made in this Policy.
Inspection and correction
If you wish to know which of your data Imerale has recorded or if you wish to amend or remove data that you cannot amend via your account, contact Imerale directly.
You can request a copy of all personal data you have provided to Imerale through that Service. Additionally, upon written request from the Imerale Client, Imerale may assist in exercising the Data Subject’s rights.
Imerale can only give you the data Imerale holds ourselves. Any data that the provider of the Service or other parties hold about you is with them. You should request deletion of that data and your right to be forgotten directly with them.
Right to stop processing your data (right to object)
- The Imerale Services are designed to put you in control and enables you to withdraw your consent by terminating your contract and being offboarded as a Client and User.
- Imerale processes your data justified by the ‘public interest’ or ‘legitimate interest’ legal grounds as set out in points (e) and (f) of Article 6(1) of the GDPR.
- The Imerale Services are designed to put you in control and enables you to withdraw your consent by terminating your User and being offboarded as a User.
- Sending Imerale an email with the request to be forgotten if the above does not work.
- You have the right to ask Imerale not to process your personal data for marketing purposes. You can always unsubscribe to our emails and campaigns.
- You have the right to object to Imerale processing information about you where Imerale does so on the basis of a legitimate interest. If Imerale cannot abide, it could mean that Imerale may not be able to provide you with the Imerale Services at all and will stop your access to the Imerale Services.
- This would not invalidate any processing of the personal data prior to your withdrawal of consent.
Right to erasure
- This right is not absolute and applies only if your personal data is no longer necessary in relation to the purposes for which was collected or otherwise processed:
- Your personal data is no longer necessary in relation to the purposes for which was collected or otherwise processed; or
- The personal data have been unlawfully processed; or
- Subjected to the contractual obligations between the Data Controller (your service provider) and Imerale, you can request for a deletion of your account. This right to erasure is subjected to the EU Anti Money Laundering Directive data retention requirements; or
- An administrator User is also able to delete a User account.
Right to restrict
Imerale has the right to restrict the processing of your personal data where:
- You contest the accuracy of the personal data we hold about you, for a period enabling Imerale to verify the accuracy of the personal data.
- The processing of your personal data is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead.
- You have objected to processing of your personal data pending the verification whether the legitimate grounds of the Imerale override yours.
Where Imerale’s Client no longer needs your personal data for the purposes of the processing, but we are required to keep it for the establishment, exercise, or defence of legal claims we automatically restrict the processing of your personal data to this purpose and are subjected to legal obligations arising from data retention laws and regulations.
Right to object to automatic processing
Unless such decision is necessary for entering into, or performance of, a contract between you and the Data Controller. Requests should be sent to the Data Controller. In instances related to the Imerale Website or the Dashboard Web Application, Imerale is the Data Controller whilst in instances related to the Passport Web Application, the Data Controller is the User’s Service Provider. In the event that the decision is authorised by the law to which the Data Controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or that such decisions are based on your explicit consent.
When you ask us for the execution of the rights as stated above, we may have to take steps to verify that you are the legitimate data owner and/or authorised to make the request due Imerale Client's request or our own legal obligation.
5. Legal requests and preventing harm
We may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so. We may also access, preserve and share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; and to prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
We may disclose your personal information to other businesses or entities where it is required in order for us to perform our obligations under our contract with you, where it is required to provide the goods or services you requested, where it is required by law, or where we have another legitimate interest in doing so including, but not limited to, as follows:
- To our subsidiaries and affiliates only for use in the manner described in this Privacy Policy:
i. Will always be bound by and limited by the provisions of this Privacy Policy.
ii. Does not limit or take away the liability and accountability of Imerale towards you for the processing of this data within the Imerale Group.
- To contractors, service providers, and other third parties that perform services on our behalf, such as credit card payment processors, event planners and coordinators, data management and storage providers, marketers and advertisers, analytics and research companies, and professional advisors.
- Providers of data storage, data management and platform providers to safely and securely store and process your data. This includes Google Cloud. Imerale will only deploy your data on Google Cloud installations in Europe.
- Identification and verification service providers, to help Imerale adhere to our legal obligations to verify your identity and the information you give Imerale. These may include our screening partners.
- To law enforcement agencies, regulators, and courts in response to a court order, subpoena, regulatory requirements or similar legal process, to report any activities we reasonably believe to be unlawful, or as otherwise required by law.
- To regulators in connection with their duties, such as crime prevention or carrying out regulatory oversight of what Imerale does.
- To fraud prevention agencies and law enforcement agencies, to prevent and detect fraud, money laundering or other crimes.
- To enforce or apply our Terms or other agreements, including for billing and collection purposes.
- Website and app analytics to provide you with the best experience.
- Customer relation management to provide you with customer care services.
- For any other purpose disclosed by us when you provide the information; and
- Otherwise with your consent.
Imerale assists the Data Controllers (Imerale Clients) with the obligation of providing the mechanism for withdrawal of consent (Article 7 (3) EU GDPR) and objection to processing based on legitimate interests (Article 21 (1) EU GDPR).
Depending on the legal basis of processing that the Client relies on (consent or legitimate interest), the right to withdraw consent or the right to the object of processing can be exercised. Imerale does not make decisions regarding such requests on its own, as Imerale acts in accordance with the written instructions of the Client, who exercises control over personal data. Imerale can only redirect the User’s request to the Client for whom the User was verified.
6. Safety and Security
Imerale has taken appropriate technical and organisational measures by using the latest technologies to protect your information against loss or unlawful processing. We use safeguards to help keep the information collected through the Service secure and take steps (such as requesting a unique password) to verify your identity before granting you access to your account. However, Imerale cannot ensure the security of any information you transmit to Imerale or guarantee that information on the Service may not be accessed, disclosed, altered, or destroyed. We request you to do your part to help us. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to emails between you and Imerale, at all times. We are not responsible for the functionality, privacy, or security measures of any other organisation.
International transfer
Your information may be transferred to, and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
Your data is stored in Europe
The personal data Imerale collect from you is stored on secure information technology systems located in the European Economic Area (“EEA”) (for example: Belgium, The Netherlands, Germany and Ireland), but it may be processed or viewed by staff or companies outside the EEA who work for Imerale or one of our partners.
Regardless of location, Imerale will always impose on our employees or contractors the same data protection safeguards that we use inside the EEA. Where we are transferring your data to countries which are outside the EEA and that have not been approved by the European Commission or other relevant authorities as providing essentially equivalent protections to within the EEA, we will transfer it to European Commission authorities approved contractual terms.
Help us protect you
- To help Imerale protect your personal data, you agree to comply with our security policies and procedures that Imerale may notify you from time to time.
- You also agree to take all reasonable steps to prevent the unauthorised or fraudulent use of the Imerale Services or the Service that Imerale - Services are part of (e.g. your User Login or other security credentials).
- If you find out or suspect that your credentials have been lost, stolen, or someone has used it without your permission, you must tell Imerale and the provider of the Service as soon as possible.
7. Third-party applications, websites and services
In reference to the Imerale Website, we are not responsible for the practices employed by any applications, websites or services linked to or from our website, including the information or content contained within them. When you use a link to go from our website to another application, website or service, our Privacy Policy does not apply to those third-party applications, websites or services. Your browsing and interaction on any third-party application, website or service, including those that have a link on our website, are subject to that third party's own rules and policies. In addition, you agree that we are not responsible and do not have control over any third-parties that you authorise to access your User Content. If you are using a third-party app, website or service and you allow them to access your User Content you do so at your own risk.
8. Retention period
In accordance with the law, Imerale does not retain data any longer than is required for attaining the purposes for which they were collected unless Imerale is obliged to do so based on a legal provision. The retention period depends entirely on the processing purpose. Imerale Clients define how long personal data should be stored and when to delete it.
If a User would like to make a request to delete the personal data that you have provided for the purpose of a particular Imerale Client, request should be made directly to the Imerale Client that requested for such data. In general, personal data will be retained and stored by Imerale and will be permanently destroyed based on the Client’s instructions when the Client’s initial purpose and/or retention period prescribed by applicable law expires.
Any personal data is deleted only after (a) obtaining the applicant's data deletion request in line with corresponding procedures by the Client or the Data Subject or (b) the satisfaction of the purpose for data processing, including expiration of retention period prescribed by applicable law.
If you delete your Imerale Services data or invoke your right to be forgotten, Imerale will use feasible solutions to make it no longer directly available in our systems, like archiving it. This means that in such case:
- Imerale will no longer actively process your data as part of the Imerale Services.
- It will continue to be available for processing under a legal or regulatory obligation.
Any request to delete all or any personal data related to a User is fulfilled within 30 days. This period is justified by the complexity of the systems and technologies Imerale operates to process the data.
9. How to contact us
If you have any questions about this Privacy Policy or the Service, you may send an email to contact@imerale.com.
10. Complaints to the Privacy Regulator
You have the right to complain to the privacy regulator in the country in which you reside, where you work, or anywhere where you believe we might have broken data protection rules.
In France, the privacy regulator is the Commission nationale de l’informatique et des libertés, 'CNIL'. The CNIL can be contacted at:
Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris CEDEX 07, France
Telephone number: +33 (0)1 53 73 22 22
We collect this information when you visit our website or web application with your computer, tablet, phone, or smartwatch ("Computer"). We process personal data in a manner that is in accordance with the EU General Data Protection Regulation (“GDPR”), the GDPR-based legislation and the French Data Protection Act (“DPA”). By accessing or using our Services, you agree to us collecting, storing, and processing your information in accordance with this Policy. This Policy may change from time to time, and your continued use of the Services after we make those changes is deemed to be acceptance of those changes.
This Imerale Privacy Policy (“PrivacyPolicy”) is also applicable to the processing of your personal data as part of the Imerale Services that are made available and distributed through the service you are using. In different instances, Imerale may be the Data Controller or a Data Processor of the data it processes under the Imerale Services. By having an account and using our services, you agree to be bound by this Policy and if applicable, the Imerale Website Terms & Conditions (“Website Terms”) and/or the Imerale Dashboard Terms & Conditions (“Dashboard Terms”) and/or the Imerale Passport Terms and Conditions (“Passport Terms”). By accessing and using our Services, you agree to comply with and be bound by these Terms. If you do not agree with these Terms, do not access our websites, use our service, or access the Imerale Website, Dashboard or Passport.
This Privacy Policy outlines how we process personal data, commit to protecting your information, and provide the framework through which effective management of data protection matters can be achieved while providing our Services. This Privacy Policy does not cover how Imerale Clients as Data Controllers may treat Users' personal data. Imerale Clients provide this information in their privacy statements which are not subject to Imerale’s control.
1. Defintions
“Dashboard” means the online tool provided by Imerale through its web application, which allows Users to access and display specific information, data or content related to their account or use of Imerale’s Services and may include various features and functionalities for User interaction and customisation. The Dashboard may provide real-time or aggregated data, analytics or other relevant information for the User’s convenience and use in accordance with the Dashboard Terms.
“Data Controller” means an individual or organisation that determines the purposes and means of processing personal data. The Data Controller is responsible for making decisions about how and why personal data is processed, and they are ultimately accountable for ensuring that the processing of this data complies with GDPR requirements.
“Data Processor” means an individual or entity that processes personal data on behalf of a Data Controller. The Data Processor carries out data processing activities as instructed by the Data Controller and is responsible for handling the personal data in accordance with the Data Controller's instructions and the requirements of data protection laws.
“Imerale Client” means the legal entity that has a contractual relationship with Imerale for the provision of Imerale Services.
“Imerale Services” means the services delivered by Imerale:
- Imerale website.
- To offer a platform for B2B customer risk management.
- A case management and customer monitoring platform.
- To connect to the relevant APIs to provide for verification purposes of Know-your-Customer (“KYC”) and related parties adverse media, PEP and sanctions screening.
- As a platform for customers’ data retrieval through a questionnaire.
- As may be distributed and made available through Imerale Services.
“Passport” means the online tool provided by Imerale through its web application, which allows users to access and display specific information, data or content related to their account or use of Imerale’s Services and may include various features and functionalities for user interaction and customisation. The Passport serves as an identification platform for the Users to submit data to their Service Provider who are Imerale Clients. The Passport is to be used in accordance with the Passport Terms.
“Service Provider” means an entity or organisation that offers services or performs specific tasks for another individual, business, or entity. These services can encompass a wide range of activities and can be provided in various industries. Service providers are typically contracted to deliver a particular service or set of services, and they may operate on a one-time or ongoing basis. A Service Provider may have access to or process data on behalf of the Data Controller. These service providers may have access to User data for the purpose of providing their services, and their roles and responsibilities are typically defined in data processing agreements or contracts to ensure data protection and compliance with privacy regulations.
“Users” or “You” means all natural persons and all legal persons who visit the Imerale Services, log in to the Dashboard or Passport, and/or use, share and/or input information on the Imerale Website, Dashboard or Passport.
2. What personal data do we collect?
What is personal data?
Personal data is any information relating to an identified or identifiable person, also known as a “Data Subject”. An identifiable person is someone who can be directly or indirectly identified by reference to one or more factors specific to their physical, physiological, genetic, economic, cultural or social identity (such as a name, an identification number, email, address or an online identifier).
Information you provide
We collect the following information provided to us either directly or indirectly by interacting with the Services or by corresponding with Imerale by phone, email or otherwise. Examples of personal data include:
- By which you may be personally identified, such as any identifier by which you may be contacted online or offline ("personal information").
- That is about you but individually does not identify you.
- About your internet connection, the equipment you use to access our Websites or Services, and usage details about the Websites and Services.
- Contact details: Name and email address connected to the Account.
- Profile information that is used for the User.
- Personal information required to identify and verify the information provided to Imerale.
- General personal data including but not limited to full name, personal identification code or number, date of birth, legal capacity, nationality and citizenship, location (street, city, country, and postcode).
- Identity document data including but not limited to Document type, issuing country, number, expiry date, MRZ, information embedded into document barcodes (may vary depending on the document), security features.
- User Content (e.g. text, validations, or other materials) that is provided to the Service.
- Communications between you and Imerale (e.g., we may send Service-related emails).
We collect information in the following ways:
- Directly from you when you provide it to us through the Imerale Services.
- Automatically as you navigate through the Imerale Services. Information collected automatically may include usage details, IP addresses, and information collected through cookies or other tracking technologies.
- From third parties, for example, our Service Providers.
- From the Data Controller (Imerale Client) who engages our services.
Information from other sources
We may receive information from other sources, such as company registries, government databases, third-party platforms and forums, social media and public information, contacts, and business partners. Examples of the type of information we may receive from other sources are:
a. Personal information, such as your name, date of birth, personal and professional mailing address, email and phone number, and professional and educational history:
i. Profile information, comments, and similar information provided to or on social or professional networks and other forums that connect to Imerale.
ii. Interests, demographic data, and purchasing behaviour.
b. Information collected from you offline or through other channels. For example:
i. Information you provide when attending a conference, event, or other in-person function.
ii. Information you provide over the phone.
Log file information
We collect information that your browser sends whenever you visit the Imerale Services. This log file information may include information such as your computer's Internet Protocol address, browser type, browser version, your login information, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, location data, and other statistics.
We use tools to improve the User experience and to personalise your Imerale Services experience. Therefore, Imerale performs statistical analyses about the way you use Imerale Service such as information on how you navigate, how much time you spend, how long you visit, and from where you came to our service.
We use well-known advertising platforms such as Google or LinkedIn in promoting our Imerale Website:
- If you click through such an advert and start using the Imerale website, an automated process will confirm to the advertising platform that you have gone to the Imerale website.
- If you don’t use these platforms Imerale will not collect or process this data.
Any data you share on social media platforms will be accessible by them as described in their terms of service.
We use tools to improve the user experience of our website. Therefore, Imerale performs statistical analyses about the way you use the services of Imerale such as information on how you navigate, how much time you spend, how long you visit, and from where you came to our service.
Metadata
Metadata is usually technical data that is associated with User Content. For instance, metadata can describe how, when and by whom a piece of User Content was collected and how that content is formatted.
Purposes of processing data
Imerale adheres to the principles of personal data protection as described in the EU GDPR and the French DPA. In accordance with these principles, Imerale, when acting as Data Controller, or acting as a Data Processor on behalf of Imerale Clients as the Data Controller, is ensuring that the User’s personal data:
- Processed fairly and lawfully and in a transparent manner in relation to the Data Subject.
- Processed for specified, explicit, and legitimate purposes only and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
- Kept accurate and up to date.
- Retained in a form permitting identification of Data Subjects for no longer than is necessary for the purposes for which they are processed.
- Processed in a manner that ensures their appropriate security.
- Not transferred outside the European Economic Area (EEA) without adequate protection.
By using our Service, you leave certain information with us, for example by having an account, registering to be part of our newsletter, or completing a contact form. This may include data such as name and email address. Imerale collects and processes this data to make our services accessible. We also collect information about your computer (such as IP address, browser type and operating system) so that we can improve our services. The personal data will not be provided to third parties unless we are obliged to do so on the basis of legislation and regulations. Some of the information we collect may, when combined with other information, be personal information that could be used to identify you. Such information is treated as personal information.
There are three situations in which Imerale processes personal data in the course of the Imerale Services:
- Imerale may process personal data as a Data Controller in the provision of our Dashboard Services to the Imerale Clients and its employees.
- Imerale may process personal data as a Data Controller in our Website Services to Users.
- Imerale may process personal data as a Data Processor in the course of service provision to Imerale Clients according to their instructions and on the basis of the contractual agreement concluded between Imerale and its Clients.
In the event of the third situation defined above, the Imerale Client is the Data Controller who determines the purpose of data processing, exercises control over the User’s personal data, and stipulates the retention period of the User’s data according to its purposes. Imerale is a Data Processor that conducts only those data processing activities that the Imerale Client requests. Imerale grants the Imerale Client use of the Dashboard and Passport services for B2B customer onboarding and monitoring processes for the Client as part of Imerale Services. These Services are made available to Users by the Imerale Client who is the Data Controller of the personal data processed by Imerale.
Legal basis for processing data
There are several bases on which Imerale can process personal data. These are: the execution of an agreement, legitimate interest, based on a legal obligation or on the basis of your consent. We process your personal data to the extent necessary to achieve the purpose for which we collect the personal data.
You are responsible for ensuring the accuracy of personal information you provide to us. Inaccurate information may affect your ability to use the Services, including your licence, the information you receive when using the Services, and our ability to contact you.
When Imerale is engaged by its Clients to perform B2B customer onboarding activities in respect of their Users, the processing of personal data is covered by the legal grounds included in the agreement between Imerale and the Imerale Client. The grounds Imerale Client processes personal data is stated in their respective Privacy Policy.
In line with Article 6 of the EU GDPR, in our capacity as Data Controllers, Imerale relies on an appropriate legal ground when processing personal data. We rely on the following grounds for processing personal data:
- Article 6(1)(c) of the GDPR: [personal data] processing is necessary for compliance with a legal obligation to which the controller is subject.
- Article 6(1)(e) of the GDPR: [personal data] processing is necessary for the performance of a task carried out in the public interest.
- Article 6 (1)(a) of the GDPR: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Article 6(1)(f) of the GDPR – legitimate interest: Our legitimate interest arises from the strict necessity of internal analysis and ongoing development and improvement of Imerale’s services that our Clients use to detect fraud and illicit activities to prevent money laundering, terrorist financing, fraud, and other activities, which are considered a matter of substantial public interest. In this case, we use legitimate interest if the Client grants us permission to process data provided that our purposes are compatible with those initial purposes for which the personal data has been collected. Such purposes are compatible due to the obligations or interests of our Client regarding the performing of due diligence, the combat of fraud and detection of any illegal actions.
We may process your sensitive data if the Client has a reasonable legal ground for such processing.
3. How do we use this information?
We use, store, and process the information we collect to provide and improve the Services, to support our business functions, and to personalise, provide, measure and improve our advertising and marketing.
We use all the information we have to help us provide and support our Imerale Services. Here is how we may use this information:
- To present our Websites and their contents to you.
- To provide you with information, products, or services that you request from us such as demo requests and contact formula.
- For customer service and customer support purposes.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection activities.
- To facilitate payment or delivery of services requested.
- To provide you with support and respond to your inquiries, such as to investigate and address your concerns, and monitor and improve our responses.
- To manage your account and provide you with notices regarding the Services, including expiration and renewal notices.
- To provide, personalise, measure, and improve your experience with our Websites and to deliver content and product and service offerings based on your advertising customization preferences.
- To send you information about Imerale products, services, and promotions.
- To administer promotional activities, such as surveys, sweepstakes, contests, and referrals.
- To help maintain and improve the safety, security, and integrity of our Websites and Services.
- For testing, research, analysis, and product development, such as to develop and improve our Websites, Services, databases, other technology assets, and other offerings.
- To support our general business operations.
- To notify you about changes to our Websites or Services.
- As described to you when collecting your personal information.
- To fulfil any other purpose for which you provide it.
- For any other purpose with your consent.
- For any other lawful purpose.
- Remember information so you will not have to re-enter it during your visit or the next time you visit the Service.
- Provide, improve, test, and monitor the effectiveness of our Service.
- To help you efficiently access your information after you sign in.
- Monitor metrics such as total number of visitors, traffic, and demographic patterns.
- Diagnose or fix technology problems.
- Develop and test new products and features.
- KPI Insights and Customer Segmentation.
- KRI insights.
- Risk scoring and analytics.
- Intelligence and machine learning.
Imerale does not process personal data of children under 16 years of age, understood as individuals under the age of majority under the national laws of the Client’s country of incorporation. Only when the Imerale Client ensures that the person with parental responsibility for the child has consented to such processing. Otherwise, if a child’s personal data is accidentally submitted to Imerale, it will be deleted without undue delay.
Contractual performance
Imerale may process data as a Data Controller or as a Data Processor and process your data for the Imerale Client. We process personal data for the performance of the Agreements, including indicated services, obligations arising from the Agreement, and related rights, as well as for the execution of rights and fulfilment of obligations deriving from legal acts and processing Users' requests.
Imerale collects and further processes Users' data for the Client. Once personal data is no longer necessary for the relevant purpose, Imerale erases it from its servers within a reasonable timeframe upon the Client's written instruction without leaving any backup copies after transferring it to the Client.
Imerale can only perform these services if Imerale can process your personal data for this purpose. We process your personal data on this basis for the following purposes:
- Imerale website.
- To offer a platform for B2B customer risk management.
- A case management and customer monitoring platform.
- To connect to the relevant APIs to provide for verification purposes of Know-your-Customer (“KYC”) and related parties adverse media, PEP and sanctions screening.
- As a platform for customers’ data retrieval through a questionnaire.
- As may be distributed and made available through Imerale Services.
Legitimate interest
Imerale uses your personal data on the basis of our legitimate interest in the performance of our contract to enable us to:
- Create a persona about you, so:
i. Imerale can give you relevant insights on your onboarding statistics and insights.
ii. Imerale can deliver the benefit of the Imerale Services.
iii. Imerale can build better personas.
- To train data models and data science services.
- Provide you with updates on Imerale and the Imerale Services.
- Improve your experience of our Imerale Services and assess the use of the Imerale Services.
- Enrich our database so we can build better Imerale Services.
- Service improvement and optimisation of our Imerale Services and other services of Imerale.
- Make a secure connection between your device and the Imerale Services.
- Take action if Imerale needs to defend our rights under our Terms and Conditions if you misbehave or act in deviation of laws or regulations or the Terms and Conditions.
- We sometimes may be obliged to process or retain all or part of personal data for the establishment, exercise, or defence of legal claims.
- Track and examine the use of the Imerale Services and the website to prepare reports on its activities, analyse that data and use it for Imerale’ business purposes.
- Attract new Imerale Partners and Clients.
- Perform research and trend analysis.
- To (re)use personal information Imerale has collected to identify you and to verify your identity to validate the data Imerale holds about you and enrich your data (this excludes ID copies).
We process some personal data while adhering to the principles of personal data handling, namely lawfulness and accountability, by obtaining the legal basis for processing specific personal data concerning Users. Obtaining and maintaining records that we have obtained on such a legal basis is essential to prove that we comply and adhere to our legal obligations outside and in the European Union.
Imerale could use your personal data and can continue to use your personal data after you have stopped using the Imerale Services, in anonymised and aggregated form amongst others:
- To enrich content statistics and infographics.
- To develop and deliver additional or ancillary services (such as data insights or market analysis).
- For social media posts.
- For campaigns.
- For analytical research.
- To train data models and data science services.
- For other commercial or business purposes.
- To enrich our database so we can build better Imerale Services.
- Service improvement and optimization of our Imerale Services and other services of Imerale.
This will never contain data or insights or information that can be tracked down to you personally. Imerale will always use the minimum data required and will process to the minimum extent required. This data will be anonymised in a manner which is not reversible.
Data processing activities
Imerale provides multiple types of automated processing, including, but not limited to, collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination (if so legally binding), or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data validation
These data validation checks enable Clients to verify data against databases of third-party data providers and detect whether the User is involved in illicit activities, money laundering or terrorism financing. The data providers we may use depend on the Client’s needs and the User’s location and may include ID registers, proof of address checks, the Social Security Administration and other government or commercial sources and databases, consumer credit agencies, Politically Exposed Persons (PEPs) PEP lists, global and country-specific sanctions list, watchlists and adverse media sources.
Business verification
This requires us to verify the existence, details, ownership, and control structure (e.g., ultimate beneficial owner(s)) of a legal entity through analysis of corporate documents and review of corporate registries, where available.
Automated decision-making relief and checks
We conduct identity verification checks on behalf of the Client, however, we do not make any final decisions in relation to your acceptance or denial of services by the Imerale Client. Our role is to provide the Client with automated risk assessments based on the Client’s own risk appetite containing information about the identity verification process and results with the reasoning behind them reflecting the level of risk if any. The final decision on User onboarding is made on the Client’s side when the result of the processing performed by Imerale is transmitted to the respective Client.
The checks conducted by are either automated, semi-automated, or done manually. When we carry out processing activities, we implement a complicated verification system. A person will be involved if the system cannot reach an outcome on its own or recheck the system’s outcome. Such may occur when the data is uncertain, or the system faces some other difficulty in analysing information during the verification session. Thus, we contribute to ensuring that the verification process is fair and safe for Users.
Account Setup and Management
We process your personal information, such as your name, email address, and contact details, for the purpose of setting up and managing your account. This enables you to access and use our risk management services in a secure way effectively.
Usage Data
We collect and process usage data, such as login times, pages visited, and feature interactions, to understand how you use our Services. This information helps us improve the performance, functionality, and User experience of our platform.
Communication
We may process your contact information to communicate with you about important updates, service notifications, and to respond to your inquiries or requests for support.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our platform. These technologies help us understand User behaviour, improve our services, and deliver a more personalised experience.
Third-Party Data Sharing
In certain cases, we may share your data with third-party service providers, such as data analytics firms, to enhance our risk assessment capabilities. These third parties are bound by contractual agreements to maintain the confidentiality and security of your data.
Legal Compliance
We may process your data to comply with legal obligations, including regulatory requirements and requests from law enforcement authorities.
4. Your Rights
These terms of rights are only applicable in situations where Imerale acts as a Data Controller in respect of the Imerale Services. The applicable situations are:
- The use of Imerale Website
- The use of Imerale Dashboard platform
Change of control
If we sell or otherwise transfer part or the whole of Imerale or our assets to another organisation (e.g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, liquidation), your information such as name and email address, User Content and any other information collected through the Service may be among the items sold or transferred. You will continue to own your User Content. The buyer or transferee will have to honour the commitments we have made in this Policy.
Inspection and correction
If you wish to know which of your data Imerale has recorded or if you wish to amend or remove data that you cannot amend via your account, contact Imerale directly.
You can request a copy of all personal data you have provided to Imerale through that Service. Additionally, upon written request from the Imerale Client, Imerale may assist in exercising the Data Subject’s rights.
Imerale can only give you the data Imerale holds ourselves. Any data that the provider of the Service or other parties hold about you is with them. You should request deletion of that data and your right to be forgotten directly with them.
Right to stop processing your data (right to object)
- The Imerale Services are designed to put you in control and enables you to withdraw your consent by terminating your contract and being offboarded as a Client and User.
- Imerale processes your data justified by the ‘public interest’ or ‘legitimate interest’ legal grounds as set out in points (e) and (f) of Article 6(1) of the GDPR.
- The Imerale Services are designed to put you in control and enables you to withdraw your consent by terminating your User and being offboarded as a User.
- Sending Imerale an email with the request to be forgotten if the above does not work.
- You have the right to ask Imerale not to process your personal data for marketing purposes. You can always unsubscribe to our emails and campaigns.
- You have the right to object to Imerale processing information about you where Imerale does so on the basis of a legitimate interest. If Imerale cannot abide, it could mean that Imerale may not be able to provide you with the Imerale Services at all and will stop your access to the Imerale Services.
- This would not invalidate any processing of the personal data prior to your withdrawal of consent.
Right to erasure
- This right is not absolute and applies only if your personal data is no longer necessary in relation to the purposes for which was collected or otherwise processed:
- Your personal data is no longer necessary in relation to the purposes for which was collected or otherwise processed; or
- The personal data have been unlawfully processed; or
- Subjected to the contractual obligations between the Data Controller (your service provider) and Imerale, you can request for a deletion of your account. This right to erasure is subjected to the EU Anti Money Laundering Directive data retention requirements; or
- An administrator User is also able to delete a User account.
Right to restrict
Imerale has the right to restrict the processing of your personal data where:
- You contest the accuracy of the personal data we hold about you, for a period enabling Imerale to verify the accuracy of the personal data.
- The processing of your personal data is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead.
- You have objected to processing of your personal data pending the verification whether the legitimate grounds of the Imerale override yours.
Where Imerale’s Client no longer needs your personal data for the purposes of the processing, but we are required to keep it for the establishment, exercise, or defence of legal claims we automatically restrict the processing of your personal data to this purpose and are subjected to legal obligations arising from data retention laws and regulations.
Right to object to automatic processing
Unless such decision is necessary for entering into, or performance of, a contract between you and the Data Controller. Requests should be sent to the Data Controller. In instances related to the Imerale Website or the Dashboard Web Application, Imerale is the Data Controller whilst in instances related to the Passport Web Application, the Data Controller is the User’s Service Provider. In the event that the decision is authorised by the law to which the Data Controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or that such decisions are based on your explicit consent.
When you ask us for the execution of the rights as stated above, we may have to take steps to verify that you are the legitimate data owner and/or authorised to make the request due Imerale Client's request or our own legal obligation.
5. Legal requests and preventing harm
We may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so. We may also access, preserve and share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; and to prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
We may disclose your personal information to other businesses or entities where it is required in order for us to perform our obligations under our contract with you, where it is required to provide the goods or services you requested, where it is required by law, or where we have another legitimate interest in doing so including, but not limited to, as follows:
- To our subsidiaries and affiliates only for use in the manner described in this Privacy Policy:
i. Will always be bound by and limited by the provisions of this Privacy Policy.
ii. Does not limit or take away the liability and accountability of Imerale towards you for the processing of this data within the Imerale Group.
- To contractors, service providers, and other third parties that perform services on our behalf, such as credit card payment processors, event planners and coordinators, data management and storage providers, marketers and advertisers, analytics and research companies, and professional advisors.
- Providers of data storage, data management and platform providers to safely and securely store and process your data. This includes Google Cloud. Imerale will only deploy your data on Google Cloud installations in Europe.
- Identification and verification service providers, to help Imerale adhere to our legal obligations to verify your identity and the information you give Imerale. These may include our screening partners.
- To law enforcement agencies, regulators, and courts in response to a court order, subpoena, regulatory requirements or similar legal process, to report any activities we reasonably believe to be unlawful, or as otherwise required by law.
- To regulators in connection with their duties, such as crime prevention or carrying out regulatory oversight of what Imerale does.
- To fraud prevention agencies and law enforcement agencies, to prevent and detect fraud, money laundering or other crimes.
- To enforce or apply our Terms or other agreements, including for billing and collection purposes.
- Website and app analytics to provide you with the best experience.
- Customer relation management to provide you with customer care services.
- For any other purpose disclosed by us when you provide the information; and
- Otherwise with your consent.
Imerale assists the Data Controllers (Imerale Clients) with the obligation of providing the mechanism for withdrawal of consent (Article 7 (3) EU GDPR) and objection to processing based on legitimate interests (Article 21 (1) EU GDPR).
Depending on the legal basis of processing that the Client relies on (consent or legitimate interest), the right to withdraw consent or the right to the object of processing can be exercised. Imerale does not make decisions regarding such requests on its own, as Imerale acts in accordance with the written instructions of the Client, who exercises control over personal data. Imerale can only redirect the User’s request to the Client for whom the User was verified.
6. Safety and Security
Imerale has taken appropriate technical and organisational measures by using the latest technologies to protect your information against loss or unlawful processing. We use safeguards to help keep the information collected through the Service secure and take steps (such as requesting a unique password) to verify your identity before granting you access to your account. However, Imerale cannot ensure the security of any information you transmit to Imerale or guarantee that information on the Service may not be accessed, disclosed, altered, or destroyed. We request you to do your part to help us. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to emails between you and Imerale, at all times. We are not responsible for the functionality, privacy, or security measures of any other organisation.
International transfer
Your information may be transferred to, and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
Your data is stored in Europe
The personal data Imerale collect from you is stored on secure information technology systems located in the European Economic Area (“EEA”) (for example: Belgium, The Netherlands, Germany and Ireland), but it may be processed or viewed by staff or companies outside the EEA who work for Imerale or one of our partners.
Regardless of location, Imerale will always impose on our employees or contractors the same data protection safeguards that we use inside the EEA. Where we are transferring your data to countries which are outside the EEA and that have not been approved by the European Commission or other relevant authorities as providing essentially equivalent protections to within the EEA, we will transfer it to European Commission authorities approved contractual terms.
Help us protect you
- To help Imerale protect your personal data, you agree to comply with our security policies and procedures that Imerale may notify you from time to time.
- You also agree to take all reasonable steps to prevent the unauthorised or fraudulent use of the Imerale Services or the Service that Imerale - Services are part of (e.g. your User Login or other security credentials).
- If you find out or suspect that your credentials have been lost, stolen, or someone has used it without your permission, you must tell Imerale and the provider of the Service as soon as possible.
7. Third-party applications, websites and services
In reference to the Imerale Website, we are not responsible for the practices employed by any applications, websites or services linked to or from our website, including the information or content contained within them. When you use a link to go from our website to another application, website or service, our Privacy Policy does not apply to those third-party applications, websites or services. Your browsing and interaction on any third-party application, website or service, including those that have a link on our website, are subject to that third party's own rules and policies. In addition, you agree that we are not responsible and do not have control over any third-parties that you authorise to access your User Content. If you are using a third-party app, website or service and you allow them to access your User Content you do so at your own risk.
8. Retention period
In accordance with the law, Imerale does not retain data any longer than is required for attaining the purposes for which they were collected unless Imerale is obliged to do so based on a legal provision. The retention period depends entirely on the processing purpose. Imerale Clients define how long personal data should be stored and when to delete it.
If a User would like to make a request to delete the personal data that you have provided for the purpose of a particular Imerale Client, request should be made directly to the Imerale Client that requested for such data. In general, personal data will be retained and stored by Imerale and will be permanently destroyed based on the Client’s instructions when the Client’s initial purpose and/or retention period prescribed by applicable law expires.
Any personal data is deleted only after (a) obtaining the applicant's data deletion request in line with corresponding procedures by the Client or the Data Subject or (b) the satisfaction of the purpose for data processing, including expiration of retention period prescribed by applicable law.
If you delete your Imerale Services data or invoke your right to be forgotten, Imerale will use feasible solutions to make it no longer directly available in our systems, like archiving it. This means that in such case:
- Imerale will no longer actively process your data as part of the Imerale Services.
- It will continue to be available for processing under a legal or regulatory obligation.
Any request to delete all or any personal data related to a User is fulfilled within 30 days. This period is justified by the complexity of the systems and technologies Imerale operates to process the data.
9. How to contact us
If you have any questions about this Privacy Policy or the Service, you may send an email to contact@imerale.com.
10. Complaints to the Privacy Regulator
You have the right to complain to the privacy regulator in the country in which you reside, where you work, or anywhere where you believe we might have broken data protection rules.
In France, the privacy regulator is the Commission nationale de l’informatique et des libertés, 'CNIL'. The CNIL can be contacted at:
Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris CEDEX 07, France
Telephone number: +33 (0)1 53 73 22 22