Privacy Statement

© iMatte Inc. March 21, 2011


This document declares the Undertakings by iMatte Inc. in relation to its handling of Your Data, as those terms are defined in the Definitions section below.

The terms 'undertake' and 'undertaking' are used in order to make clear that iMatte's commitments give rise to legal obligations. These Undertakings are additional to the formal legal requirements that iMatte is subject to in various jurisdictions throughout the world.

The term 'Your Data' refers to identified personal data about you that may arise from multiple roles that you may play, and multiple relationships that you may have with iMatte, including as site-visitor, member, officer, candidate for office, employee or contractor, and through associations with iMatte publications, including as author, editor, reviewer and website contributor.


Contents

Data Collection

Data Security

Data Use

Data Disclosure

Data Retention and Destruction

Access by You to Your Personal Data

Information about Data Handling Practices

Handling of Enquiries, General Concerns and Complaints

Enforcement

Changes to These Privacy Undertakings

Definitions


Data Collection

iMatte undertakes to collect Your Data by means that are:

fair;

legal; and

transparent.

If you visit iMatte’s website, your web-browser automatically discloses, and iMatte 's web-server automatically logs, the following information: the date and time, the IP address from which you issued the request, the type of browser and operating system you are using, the URL of any page that referred you to the page, the URL you requested, and whether your request was successful. This data may or may not be sufficient to identify you.

Any additional data that you provide, e.g. in a web-form, may also be logged. This data may or may not be sufficient to identify you.

Any additional data that your web-browser automatically provides may also be logged. This will be the case, for example, if your browser has previously been requested to store data on your computer in 'cookies' and submits them each time you request a web-page within a particular domain. This data may or may not be sufficient to identify you.

iMatte uses cookies when a visitor arrives on the web-site, and when a user logs on to sections of the iMatte website that require their username and password, such as the Directory and the Digital Library. Most of the cookie-data is encrypted, and contains no sensitive data such as passwords. All cookies are set for session-only, and hence browsers should delete them at the next opportunity, such as the next quit and re-start.

If you disclose personal data to iMatte in conjunction with an identifier such as your name or your credit-card details, iMatte will collect Your Data. Moreover, any data that becomes available to iMatte through any of the means described in the preceding paragraphs may be able to be associated with that identifier, and hence become Your Data.

iMatte undertakes to collect Your Data from you and not from other parties.

Where iMatte collects Your Data from sources other than you, it undertakes:

to do so only by legal means;

to do so only with your Consent (as defined in the Definitions section below); and

to declare to you what sources it uses, and under what circumstances.

iMatte undertakes to declare the purpose of collection of Your Data in a manner that is clear and meaningful. These declarations are to be found in the Definition of Your Data below, and in relevant data collection forms.


Data Security

iMatte undertakes to store Your Data in a manner that ensures security against unauthorised access, alteration or deletion, at a level commensurate with its sensitivity.

iMatte undertakes to transmit Your Data in a manner that ensures security against unauthorised access, alteration or deletion, at a level commensurate with its sensitivity.

iMatte undertakes to apply protections for Your Data at a level consistent with the OECD Guidelines on Privacy and on Security, even though Your Data may be stored in or transmitted to a Jurisdiction whose legal requirements are lower than that.

iMatte undertakes to implement appropriate measures to ensure security of Your Data against inappropriate behaviour by iMatte 's staff-members, contractors and officers. These include:

training for staff in relation to privacy;

access control, to limit access to Your Data to those staff, contractors and officers who have legitimate reasons to access it;

logs of changes to data;

reminders to staff and contractors from time to time about the importance of data privacy, and the consequences of inappropriate behaviour;

declaration of appropriately strong sanctions that are to be applied in the event of inappropriate behaviour;

clear communication of policies and sanctions to staff; and

processes to investigate and to impose sanctions.


Data Use

Use refers to the application of Your Data by any part of iMatte, or any iMatte staff-member, contractor or officer, in the course of their work.

iMatte undertakes to use Your Data only under the following circumstances:

for purposes for which we have your Consent, including purposes that are initially or subsequently agreed between you and iMatte, purposes directly implied by the agreed purposes, and at your request;

for such additional purposes as are required by law in a relevant Jurisdiction. In these circumstances, iMatte will take any reasonable steps available to it to communicate to you that the use has occurred, unless it is precluded from doing so by law; and

for such additional purposes as are authorised by law in a relevant Jurisdiction (in particular to protect iMatte interests, e.g. if it believes on reasonable grounds that you have failed to fulfill your Undertakings to iMatte).

iMatte undertakes to use Your Data only if it has demonstrable relevance to the particular use to which it is being put, and to use only such of Your Data as is necessary in the particular circumstances.

iMatte undertakes to use Your Data in such a manner as to take into account the possibility that it is not of sufficient quality for the purpose, e.g. because it is inaccurate, out-of-date, incomplete, or out-of-context.


Data Disclosure

Disclosure refers to making Your Data available to any party other than iMatte and you. The term disclosure may include many different conditions of data transfer, including selling, renting, trading, sharing and giving.

iMatte undertakes to disclose Your Data only under the following circumstances:

for purposes for which we have your Consent, including purposes that are initially or subsequently agreed between you and iMatte, purposes directly implied by the agreed purposes, and at your request;

for such additional purposes as are required by law, such as a provision of a statute, or a court order such as a search warrant or subpoena. In these circumstances, iMatte will take any reasonable steps available to it to communicate to you that the disclosure has occurred, unless it is precluded from doing so by law;

for such additional purposes as are permitted by law (e.g. the reporting of suspected breach of the criminal law to a law enforcement agency; and in an emergency, where iMatte believes on reasonable grounds that the disclosure of Your Data will materially assist in the protection of the life or health of some person), provided that iMatte will apply due diligence to ensure that the exercise of the permission is justifiable.

Where Your Data is disclosed to an outsourced service-provider (e.g. to a company that processes credit-card transactions), iMatte undertakes to make reasonable endeavors to exercise control over compliance by its service-provider with the terms of this Privacy Policy Statement.

iMatte undertakes to disclose Your Data only if it has demonstrable relevance to the particular use to which it is being put, and to disclose only such of Your Data as is necessary in the particular circumstances.

iMatte undertakes to disclose Your Data in such a manner as to take into account the possibility that it is not of sufficient quality for the purpose, e.g. because it is inaccurate, out-of-date, incomplete, or out-of-context.


Data Retention and Destruction

Subject to the qualifications immediately below, iMatte undertakes:

to retain Your Data only as long as iMatte reasonably believes it is consistent with its purpose; and

to destroy Your Data when iMatte reasonably believes its purpose has expired, and to do so in such a manner that Your Data is not subsequently capable of being recovered.

This Undertaking is qualified as follows:

when Your Data falls due for destruction, it may be retained for a period beyond its expiry of purpose, until the next regular deletion cycle;

Your Data may be retained in iMatte 's logs, backups and audit trails within short-term retention cycles that are devised to protect the company's operations. In such cases, Your Data will be destroyed in accordance with those cycles;

in some circumstances, Your Data may be retained in an archive. An archive may be internal-only and accessible only by staff, contractors and officers; or it may be publicly available, as is the case with data relating to previous iMatte officers;

Your Data may be retained beyond the expiry of its purpose if that is required by law, such as a provision of a statute, or a court order such as a search warrant or subpoena, or a warning by a law enforcement agency that delivery of a court order is imminent. In these circumstances, iMatte:

owill take any reasonable steps available to it to communicate to you that Your Data is being retained, unless it is precluded from doing so by law; and

owill only retain Your Data while that provision is current, and will then destroy Your Data;

Your Data may be retained beyond the expiry of its purpose if such retention is authorised by law (in particular to protect iMatte 's interests, e.g. if it believes on reasonable grounds that you have failed to fulfil your Undertakings to iMatte or may have committed a breach of the criminal law). In these circumstances, iMatte will only retain Your Data while that situation is current, and will then destroy Your Data.


Access by You to Your Personal Data

iMatte undertakes to provide you with access to Your Data, subject to only such conditions and processes as are reasonable in the circumstances. In particular, iMatte undertakes to enable access:

conveniently;

without unreasonable delay; and

without cost to you.

iMatte undertakes to establish and operate identity authentication protections for access to Your Data that are appropriate to its sensitivity, but practical. This may involve some inconvenience; for example, relatively straightforward procedures may be involved in order to provide you with access through a channel that you have previously provided to iMatte (such as a particular email-address), but more onerous procedures may have to be imposed if you wish to use some other channel.

If you request it, iMatte undertakes to take reasonable steps in relation to the amendment, supplementation or deletion of Your Data.

In providing these undertakings, iMatte is working on the assumptions that:

you will not to seek access, amendment, supplementation or deletion for frivolous purposes, or unreasonably frequently;

you accept that deletion of some categories of data may result in iMatte no longer being able to provide particular services to you.


Information about Data-Handling Practices

iMatte undertakes to make information available to you about the manner in which iMatte handles your data:

in general terms, in a readily accessible manner, by means of this Privacy Policy Statement published on the iMatte website; and

in more specific terms, on request.

Where Your Data is disclosed to an outsourced service-provider, iMatte undertakes to make information available to you, on request, about the manner in which iMatte 's outsourced service-provider handles Your Data.

iMatte undertakes to ensure that the information provided about data-handling practices is meaningful, and addresses your concerns.

In providing these undertakings, iMatte is working on the assumptions that:

you will not seek such information for frivolous purposes, or unreasonably frequently; and

you accept that the disclosure of excessive detail may harm the security of Your Data and iMatte 's business processes, and may harm iMatte 's operational activities.


Handling of Enquiries, General Concerns and Complaints

In providing these undertakings, iMatte is working on the assumption that, if you have enquiries, general concerns, or complaints about any aspect of this Privacy Policy Statement, or about iMatte 's behavior in relation to its Undertakings, you will communicate them in the first instance:

to iMatte only;

in sufficient detail;

through a channel made available by iMatte for that purpose;

iMatte undertakes:

to provide one or more channels for communications to iMatte, which are convenient to users. To find these channels, please go to the iMatte Contacts Page;

to promptly provide acknowledgement of the receipt of communications, including a copy of the communication, the date and time it was registered, and an indication of how to follow up the matter with iMatte if a formal response is slow in arriving;

to promptly provide a response to the communication, in an appropriate and meaningful manner.

In providing these undertakings, iMatte is working on the assumption that you will not pursue iMatte through any Regulator or the media:

until and unless iMatte has had a reasonable opportunity to respond to the initial communication; and

while iMatte and you are conducting a meaningful dialogue about the matter.


Enforcement

iMatte declares that the Undertakings expressed in this Privacy Policy Statement are intended to create legal obligations, and that those obligations are intended to be enforceable under appropriate laws in appropriate Jurisdictions. These may include laws relating to data protection, privacy, fair trading, unfair competition, the corporations law, and the criminal law.

In providing these undertakings, iMatte is working on the assumptions that:

you will not unreasonably seek enforcement until you have initiated the complaints-handling process and iMatte has had the opportunity to redress the wrong; and

you will seek enforcement only in a Jurisdiction that is relevant to the transactions that have taken place between you and iMatte, in particular the Jurisdiction in which you live or in which you performed the relevant acts, and the Jurisdiction in which iMatte is domiciled or performed the relevant acts.

If you wish to discover the relevant laws in any particular Jurisdiction, iMatte draws your attention to the following resources:

World LII Privacy Links

Compilation of [U.S.] State and Federal Privacy Laws, Privacy Journal, Providence RI

Privacy Law Sourcebook 2004, EPIC, Washington DC

Privacy International


Changes to These Privacy Undertakings

iMatte undertakes:

not to change this Privacy Policy Statement in a manner that materially reduces the protections for Your Data;

to subject proposals for material changes to this Privacy Policy Statement, or for more specific terms relating to particular services, to a process comparable with that used when making changes to the iMatte By-Laws, and including consultation with members and/or with one or more appropriate representative and advocacy organizations;

where new versions of this Privacy Policy Statement are promulgated, to ensure that:

othe previous versions and their dates of applicability remain accessible; and

othe differences between successive versions are visible;

to take all possible steps to prevent any organization that may take over or absorb iMatte or any of its relevant assets from materially changing the terms applicable to Your Data in a manner that reduces the protections for Your Data.


Definitions

Your Data means data that is capable of being associated with you, whether or not it includes an explicit identifier such as your name or customer number. In particular, it encompasses all data that iMatte is capable of correlating with you, using such means as server-logs and cookie-contents.

Your Data does not refer to data that cannot or can no longer be associated with you. This includes aggregated data that does not and cannot identify the individuals whose data are included in the aggregation.

iMatte handles personal data for the following purposes:

membership data. All data-items are supplied by the member, and can be viewed through the membership renewal web-forms. Credit-card details are retained only as long as they are needed to complete the payment transaction, with only partial details held long-term, in a log-file. Access to membership data is protected by password, and is permitted only by the member and relevant iMatte staff, contractors and officers;

officer data. The data-items are limited to name, affiliation and contact-points, as provided by the officer;

candidate data. The data is limited to that provided by candidates for iMatte offices, and is deleted after the election process is complete;

site-visitor. The data is limited to that provided by visitors and/or disclosed by the visitor's client-software in the normal course of operation of services such as the Web;

website contributor data. The data is limited to that provided by contributors of iMatte resource-pages;

employee and contractor data. The data-items are limited to that relevant to the relationship. Disclosures are limited to name, position description and contact-point, as displayed in the iMatte staff directory.

Consent means your concurrence with an action to be taken by iMatte. Consent may be expressed or implied, but in either case must be informed and freely-given.

Jurisdiction means the sphere of authority within which relevant legal powers may be exercised, in particular within which a particular court has authority. iMatte is incorporated in California USA. Its primary operations are in California USA. Its officers and agents are in many locations around the world, and hence iMatte may under various circumstances be subject to laws in a wide variety of jurisdictions.

Undertaking means an enforceable obligation that arises from a statement made, or an assurance or commitment given. In each case where this Privacy Policy Statement says that " iMatte undertakes" to do something, that statement gives rise to an Undertaking.


This document is a licensed adaptation of the Privacy Statement Template published by Xamax Consultancy Pty Ltd. The Template has been adapted to the extent necessary to customize it to the context in which iMatte operates.