November 2020
Information about our company, IME application and our websites.
Our Privacy Statement covers The IME application and its websites. It also covers any email communications that we may send to you or your company. IME company is based in Iraq.
We are committed to protecting your privacy. This Privacy Statement describes the ways in which we collect information from you and what we use it for. Please read the policy to check how your information will be treated. It also describes your data protection rights, including a right to object to some of the processing which IME company carries out. More information about your rights, and how to exercise them, is set out in the Your Rights section.
This Privacy Statement may be updated periodically. We will update the date at the top of this Privacy Statement accordingly. On some occasions, we may also actively advise you of specific data handling activities or significant changes to this Privacy Statement, as required by applicable law.
The terms of this statement should be read together with our Terms and Conditions, any additional terms and conditions, disclaimers or other contractual terms you have entered into with us and any applicable mandatory laws and regulations, as amended from time to time.
Personal Data we collect
Information collected directly:
– If you are enquiring about, registering for, or using our services and application, then we will process your personal data – including your name, address, e-mail address and phone number, preferences (e.g. currencies you are interested in and service usernames and passwords.
– If you attend one of our events or express interest in doing so you may provide us with your name, contact information, interests and marketing preferences.
– You may give us information about you when you complete a form on our site or by corresponding with us by phone, e-mail or other electronic means, or in writing.
– We use CCTV cameras in our premises, which may capture images including your personal data.
– We also undertake video and audio recordings of activity at our office, and record certain phone lines as set out in the Recording of telephone calls section.
– When we send or receive email from you we collect the address and content of the emails.
Information we collect about you from third parties:
– Our members and prospective members, and our members’ clients and prospective clients, may provide us with their personal data and of their clients, staff, Directors and shareholders – including name, address, e-mail address and phone number, job titles and responsibilities, other information set out in a CV, passports and national identification documents, financial information (bank statements and debit/credit card statements), utility bills and share certificates.
– Members of the application will provide us with personal data about their staff (names and contact information) which we process as necessary to manage our relationship with the app members and to ensure their suitability.
With regard to each of your visits to our app we may automatically collect the following information:
– technical information, including the Internet protocol (IP) address used to connect your device to the Internet, your login information, time zone setting, browser plug-in types and versions, operating system and platform; and
– information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); services or issues you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Information we receive from other sources:
– We undertake commercial and legal due diligence checks on our members and prospective members, which involves obtaining personal data on staff, Directors and shareholders from third parties which provide background checking services. The data we obtain may in limited cases include information about criminal offences or convictions of individuals.We may combine the information we have collected from with information from other sources, such as public records or bodies, or private organisations.
Purpose and legal basis
We use personal data for the following purposes:
(1) Where this is necessary for purposes which are in our, or third parties, legitimate interests. These interests are:
– To undertake all necessary commercial due diligence on our members and prospective members;
– To develop our business by managing our relationships with actual or prospective: members, members’ clients, and any other key stakeholders;
– To provide users with access to our app and features on the app;
– To send individuals information they have requested;
– To ensure the security of our app and our systems, by trying to prevent unauthorised or malicious activities;- To enforce compliance with our Membership Agreement and Terms and Conditions, and other contracts and policies;
– To send service messages to our members;
– To ensure the safety and security of our staff and premises through the use of CCTV cameras;
– To ensure the suitability of individuals who are permitted to be a member; and
– To undertake internal analysis on, and improvements of, our business.
(2) For purposes which are required by law:
– To collect and hold certain personal data in order to comply with our legal responsibilities
– To carry out anti-money laundering and other due diligence checks required for compliance with the law and our regulatory responsibilities;
– To monitor and report suspicious activities in accordance with our regulatory obligations; and
– In response to requests by government or law enforcement authorities conducting an investigation.
(3) To fulfil a contract, or take steps linked to a contract:
– To process an individual’s registration on our app; and
– To send individuals information about their use of our app and changes to our terms or policies.
(4) Where you give us consent:
– Where you ask us to send marketing information to you via a medium where we need your consent (for example, email marketing to private email addresses);
and
– On other occasions where we ask you for consent, for the purpose which we explain at that time.
We have carried out balancing tests for all the data processing we carry out on the basis of our legitimate interests, which we have described above. You can obtain information on our balancing tests by contacting us using the details set out later in this notice.
Confidentiality / Security
We have implemented security policies, rules and technical measures to seek to protect the personal data that we have under our control from:
- unauthorised access;
• improper use or disclosure;
• unauthorised modification; and
• unlawful destruction or accidental loss.
All our employees and data processors who have access to and are associated with the processing of personal data are obliged to respect the confidentiality of your personal data.
Data Sharing
The personal data we process will be shared as follows:
– with companies providing services to us which require the processing of personal data, such as training providers, identity verification and security providers, and IT hosting, IT platform and/or IT maintenance providers, marketing agencies, email management suppliers, and service providers which assist with our commercial and legal due diligence processes;
– with government authorities and/or law enforcement officials if required, if mandated by law or if required for the protection of our legitimate interests in compliance with applicable laws;and
– in the event that our business is sold or integrated with another business, your personal data may be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
Except where you have explicitly given us permission, we will not pass your details onto any other organisations (except as noted above) or publish them publicly. Where you have requested us to pass on details to related organisations we will require them to comply with this privacy policy.
International Transfers
Your personal data will not be processed in or accessed from jurisdictions outside the Iraq. For further information, including to obtain a copy of the documents used to protect your information, please contact us as described in the Privacy Support section below.
Your Rights
You have the right to ask us for a copy of your personal data; to correct, delete or restrict processing of your personal data; and to obtain the personal data you provide in a structured, machine readable format.
In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement). Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to us processing your data, this will not affect any processing which has already taken place at that time.
You can object at any time to our use of your personal data for direct marketing purposes, by contacting us using the information below.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority.
Retention
We retain records related to actual or prospective: members and members’ clients, and any other key stakeholders, for an indefinite period of time, where such records are pertinent for IME to ensure the orderly functioning of its markets.
Personal data relating to our members’ clients will be retained for as long as the relevant client is registered to use our services.
Where we process personal data for marketing and client relationship management purposes or with your consent, and you remain an active user of our websites or services, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future. Where you cease to be an active user of our app or services, we will retain your data used for marketing and client relationship management purposes for a period of two years from your last interaction with us.
Recordings of telephone calls
We may record:
(a) telephone calls made or received by representatives of IME company; and
(b) the telephone number from which callers telephone IME company, together with the time, date and content of the call,
for the purpose of complying with our legal and regulatory obligations.
We may maintain records relating to (a) and (b) above.
Privacy support
If you have any questions or concerns about our privacy policy, please contact: