Privacy Policy – InnovationAbility

What data do we collect?

We collect the following data:

• The personal identification information you provide in the contact form (Name, email address and anything you add in the message section).
• We remember your responses to the cookie consent questions.
• If you allow the cookie, we save the language setting of the last page you viewed on our site to automatically use the same language the next time you visit our site.

Please note that the 3rd party services used on this site independently collect data in order to work correctly. You can find out more in the “Use of Third Party Services” section below.

How do we collect your data?

You directly provide us with most of the data we collect. We collect data and process data when you:
• Voluntarily complete a contact form.
• Use or view our website via your browser’s cookies.

How will we use your data?

We collect your data so that we can:
• Remember your privacy /cookie settings
• Email you in reply to your contact form request
• Ensure the website functions safely and correctly

How do we store your data?

We securely store the data you send us via the contact form using Microsoft 365 Business cloud-based software. Microsoft 365 uses industry-standard encryption for data transfers and “at rest” encryption for data stored in its data centres. Microsoft 365 conforms to many international standards for data security and protection (for example it is ISO 27001 certified).

We will keep the data you entered in the contact form for no longer than necessary. We will regularly review whether we have maintained correspondence (discussions, questions, propositions) with you. If we find that we have not been in contact for over 1 year we will delete your data (remove all old emails, delete your details from our address book).

The cookies on your browser will expire according to the durations shown in the cookie policy.

Marketing

We do not use your data for Marketing, so you will not be added to mailing lists.

What are your data protection rights?

We would like to make sure you are fully aware of all of your data protection rights.

Every user is entitled to the following:

The right to access – You have the right to request copies of your personal data.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to any processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at rob@innovationability.com.

Privacy policies of other websites

Our website can contain links to other websites that you may click on to access their 3rd party content (such as articles, further information and videos). Our privacy policy applies only to our website, so if you click on a link to another website we advise you to read their privacy & cookie policies.

Use of third party services

To deliver essential functionalities, our website uses the services of selected third parties, which in turn requires that some elements of your personal data are transferred to them. In general, the kind of data shared is typically IP address, user agent, referrer and Site URL and it is shared on the legal basis of legitimate interest.

The data can be processed outside the EU and each service provider has accordingly implemented the EU-recognised Standard Contractual Clauses (SCCs). All third parties have solid privacy and GDPR policies, declare that they minimise the duration of data storage and do not share this data with other third parties. You can find out more below.

Akismet – spam protection for the contact form

Akismet collects information about users who complete the contact form. The information Akismet collects typically includes the user’s IP address, user agent, referrer, and Site URL (along with other information directly provided directly by the user such as their name, email address and the message itself).

The purpose of this activity is to stop the generation of spam & malicious emails via the site contact form. The legal basis is therefore the legitimate interest in the efficient and safe communication between users and us according to Art. 6 (1) lit. f) GDPR.

The data collected by Akismet is stored on secure servers located all over the world. Data transfers outside EU are carried out under the Standard Contractual Clauses (SCCs), which have been upheld by the EU Court of Justice as a legal means of transferring data under the requirements of the GDPR.

Most data is held for less than 90 days and users can opt-out of all long-term tracking for the small subset of data kept for longer by using the Akismet contact form. For further information & link to the contact form: https://akismet.com/privacy/

Sucuri – website security and firewall

Sucuri ensures the security of our website vs cyber attacks. Your connection & interaction with our website happens via the Sucuri firewall, which analyses all traffic to eliminate threats. This means that Sucuri has access to all information transferred between you and our site including the user’s IP address, user agent, referrer, and Site URL (along with other information directly provided directly by the user if they use the contact form such as their name, email address and the message itself).

The purpose of this activity is to protect the website from cyber attacks and hacking. The legal basis is therefore the legitimate interest in the safe and secure functioning of the website and associated interactions with users according to Art. 6 (1) lit. f) GDPR.

The data collected by Sucuri is processed live on secure servers located all over the world. Data transfers outside EU are carried out under the Standard Contractual Clauses (SCCs), which have been upheld by the EU Court of Justice as a legal means of transferring data under the requirements of the GDPR. For further information please see: https://sucuri.net/privacy/

Fathom Analytics – collecting usage statistics for this website

We do not use Google Analytics. We want to process as little personal information as possible when you use our website so we use Fathom Analytics for our website statistics. Fathom Analytics is a privacy-focussed analytical company owned by Conva Ventures Inc, Victoria, Canada. They have a cookie-free approach and use strong de-identification and encryption methods to make the data anonymous and unable to be tracked back to you personally. Anonymous data is only generated regarding the use of this website – no cross-website tracking is possible.

The purpose of us using this software is to understand our website traffic in the most privacy-friendly way possible so that we can continually improve our website and the user experience. The legal basis is therefore our legitimate interest in constantly improving and adapting our website to better serve our users according to Art. 6 (1) lit. f) GDPR.

However, to achieve this some personal data (including your IP address) is initially transferred to Fathom Analytics in North America where the de-identification and encryption treatment takes place. The personal data transferred is deleted after 24 hours. You can read more about this on Fathom Analytics’ website (https://usefathom.com/compliance).

Google Fonts – displaying text correctly

Our website uses Google fonts for the integration of external fonts, a service of Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland, hereafter “Google”).

By integrating Google Fonts, when you visit our website, you will be connected directly to Google’s servers and your web browser automatically sends certain information to Google, including the URL of the page you’re visiting and your IP address, language settings, browser screen resolution, browser version and browser name. The fonts can only be transferred by Google directly to your browser, which then integrates them into the website.

It is possible to block the connections to fonts.googleapis.com through your operating system or a suitable browser add-on. The use of our website could then be limited (the text will not display correctly).

The purpose of this data collection is to deliver a uniform representation of fonts and icons, which are offered by Google fonts. The legal basis is therefore our legitimate interest in the uniform presentation according to Art. 6 (1) lit. f) GDPR.

The data collected by Google is stored on secure servers located all over the world. Data transfers outside EU are carried out under the Standard Contractual Clauses (SCCs), which have been upheld by the EU Court of Justice as a legal means of transferring data under the requirements of the GDPR. For more information on the protection of data transfers to google in the US see: https://policies.google.com/privacy/frameworks?hl=en-US.

Google states that your font request is stored for 24 hours on their server (see: https://developers.google.com/fonts/faq2). How long other personal data is retained is not fully clear in Google’s privacy policy (link below), though they do state “In some cases, rather than provide a way to delete data, we store it for a predetermined period of time. For each type of data, we set retention timeframes based on the reason for its collection. For example, to ensure that our services display properly on many different types of devices, we may retain browser width and height for up to 9 months”.

For more information about Google’s collection and processing of your data and related rights, please refer to Google’s Privacy Policy at http://www.google.com/policies/privacy/?hl=en.

Font Awesome – displaying icons correctly

Our website uses the web fonts of “Font Awesome” for the uniform representation of fonts.
By integrating Font Awesome, a direct connection to the servers of a Content Delivery Network (CDN) is established when visiting our website. The typefaces can only be transferred by the CDN directly to your browser, which then integrates them into the website.

By using Font Awesome, information about the use of our website, including your IP address, will be transmitted to and stored by a server of the CDN.

The transferred typefaces come from two CDN providers:
• Cloudflare Inc, headquartered in San Francisco, USA. More information about the collection and processing of your data by Cloudflare as well as your relevant data subject rights can be found here: https://www.cloudflare.com/gdpr/introduction/
• StackPath LLC, based in Dallas, Texas, USA. More information about the collection and processing of your data by StackPath as well as your relevant data subject rights can be found here: https://www.stackpath.com/legal/privacy-statement

The purpose of this activity is a uniform representation of fonts and icons offered by Font Awesome allowing clarity of communication on our website. The legal basis is therefore the legitimate interest in the uniform presentation according to Art. 6 (1) lit. f) GDPR.

The data received by the CDN provider is stored on secure servers located all over the world. Data transfers outside EU are carried out under the Standard Contractual Clauses (SCCs), which have been upheld by the EU Court of Justice as a legal means of transferring data under the requirements of the GDPR.

Font Awesome usually stores data about how you use content delivery networks in identifiable form for just a few weeks. In special circumstances, such as extended investigations about technical attacks, Font Awesome may preserve log data longer, for analysis. Font Awesome stores aggregate statistics about use of content delivery networks indefinitely, but those statistics do not include data identifiable to users personally.
Further information about privacy at Font Awesome specifically can be found here: https://fontawesome.com/privacy.

Changes to our privacy policy

Our Company keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 1 June 2021.

How to contact us

If you have any questions about our cookie or privacy policies, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.
Email us at: rob@innovationability.com

How to contact the appropriate authority

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you have the right to lodge a complaint with a supervisory authority in the Member State of your usual residence, place of work or place of the alleged infringement. The link below will take you to the official list and contact details per country.
https://edpb.europa.eu/about-edpb/about-edpb/members_en

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR Cookie Consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.