IDeaS™ Software as a Service Privacy Policy

Commitment to Privacy

IDeaS (“we”, “us” and “our”) offers software as a service (SaaS) and other analytics solutions, and the subject-matter experts to manage them. We provide these solutions to organizations (“you” and “your”) and your employees (“Data Subjects”) around the world.

The privacy of your Data Subjects is important to us. This policy describes and explains IDeaS’ practices and the measures we take to protect their privacy and comply with applicable laws and our obligations. This policy also describes your choices regarding use, access and correction of your data subjects’ personal data so you can better understand IDeaS’ practices and ensure they are consistent with any privacy notices you have made available to them.

Scope of Policy

This Privacy Policy describes how IDeaS collects, receives, accesses, uses and discloses certain personal data received in connection with IDeaS SaaS, and other analytics solution offerings, and governs IDeaS’ use of such personal data to provide those offerings to you pursuant to our agreements.

This Privacy Policy does not apply to information collected by IDeaS from visitors to, information collected by IDeaS in connection with an individual’s creation of an IDeaSPortal account, for purposes unrelated to IDeaS SaaS , or information collected by IDeaS through other offerings. For information about how IDeaS collects, uses and discloses information through and other IDeaS offerings, please see the IDeaS Privacy Statement.

International Data Transfers

Due to the global nature of our operations, some data recipients may be located in countries outside the European Economic Area (EEA), Switzerland, or the United Kingdom (UK), which do not provide an adequate level of data protection as defined by data protection laws in the EEA, Switzerland, and the UK. Transfers among IDeaS affiliates or to third parties located in such third countries take place using a valid data transfer mechanism, such as the EU Standard Contractual Clauses (SCCs) (as well as the corresponding Swiss annex and UK Addendum, as appropriate), on the basis of permissible statutory derogations, or any other valid data transfer mechanism issued or approved by the EEA, Swiss, or UK authorities. Certain third countries have been officially recognized by the EEA, Swiss, and UK authorities as providing an adequate level of protection, and no further safeguards are necessary.

The SCCs are a contractual terms template that have been pre-approved by the European Commission and serve as a legal transfer mechanism. IDeaS uses these SCCs and supplemental measures in accordance with European Commission and European Data Protection Board guidance. These updated SCCs, as well as the corresponding Swiss annex and UK Addendum, are an integral part of the IDeaS Data Processing Agreements (DPAs) that IDeaS executes with its customers, sub-processors and partners when applicable. The terms of IDeaS’ DPA apply to transfers of personal data originating in the European Economic Area (EEA), Switzerland, and/or the UK from you, as the data exporter, to IDeaS and its affiliates that are located in third countries, as the data importers.

Data Processed and Purposes of Processing

IDeaS SaaS collects and processes two kinds of personal data: Customer Information and Client Information.

Customer Information is information that we receive from you, or from a third party at your direction, about your Data Subjects. We collect only the Customer Information that you provide to us, direct us to collect, or access to provide services to you. Customer Information may include personal data about different types of individuals, including: consumers, employees, and other business partners. Such personal data may include basic contact information, such as name, postal address, email address and phone number, as well as more sensitive personal data, such as financial information, demographic information, purchase information, market-research information, and employee performance information. Indeed, IDeaS may, upon your instruction, obtain any type of data about any type of individual that you upload to our products, send to us through online or offline mechanisms, or direct us to collect from third-party aggregators, such as Dun & Bradstreet.

We operate under the assumption that it is your obligation as a data controller to notify individuals whose personal data may be included in your Customer Information about the personal data you collect and the purposes for which you collect it, to obtain their consent to our processing of their personal data, where required, and to ensure that such personal data is reliable for its intended use, accurate, complete and current. We have no direct relationship with the individuals whose personal data is included in the Customer Information we process.

We collect and process Customer Information only for the purpose of providing services to you and in accordance with our agreements with you. In certain situations, we may supplement Customer Information provided by you with information from other sources. This is done only when you specifically request, and we agree to, such supplementation. This supplementation of Customer Information is for the sole purpose of providing services to you. We will retain Customer Information for the duration stipulated in our agreement with you, or longer, as necessary to comply with our legal obligations, resolve disputes or enforce our agreements.

Client Information is personal data about people in your organization, such as account managers and users, who interact with IDeaS’ SaaS and its systems. Client Information usually is limited to name, work email address, work phone number and job title. We collect Client Information through online forms, email, phone and other written means that you use to provide it to us. We use Client Information to support your account, maintain our business relationship with you, respond to your inquiries and perform accounting functions.

Client Information may also include User Information. User Information is information generated by computers that interact with our systems. User Information may be collected through the following:

  • Web server logs/web analytics. In the process of administering our site, we maintain and track usage through web server logs and may use web analytic tools to review log information. These logs provide information, such as what types of browsers are accessing our sites, what country the access request is originating from, what pages receive high traffic and the times of day our servers experience significant load. We use this information to improve the content and navigation features of our sites.
  • Cookies and other tracking technologies. There are various tracking technologies, including “cookies,” which can be used by us to provide tailored information from a website. A cookie is an element of data that a website can send to your browser, which may then store it on your system. Some IDeaS SaaS systems may use cookies for authentication and security and/or to remember user settings so that we can better serve you when you return to those systems. By using those systems, you agree that we can place these types of cookies on your system. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it. You can control the use of cookies at the individual browser level. For more information, please refer to the user information provided with your web browser.   If you reject cookies, you may still use IDeaS products, but your ability to use some features or areas of those systems may be limited.

We may also use User Information to help us prevent and detect security threats, fraud or other malicious activity, to manage billing for those subscription services based on usage and to ensure the proper functioning of our products and services.

IDeaS may additionally use Customer Information and Client Information for the following purposes:

  • To maintain and upgrade a system. Our technical staff may require periodic access to services data that may include Customer Information or Client Information, to monitor system performance, test systems, and develop and implement upgrades to systems. Any temporary copies of such services data created as a necessary part of this process are maintained only for time periods relevant to those purposes.
  • To address performance and fix issues. On occasion, we may develop new versions, patches, updates and other fixes to our programs and services, such as security patches that address newly discovered vulnerabilities. In accordance with the terms of your order for services, we may remotely access a user’s computer, while that user observes, to troubleshoot a performance issue.
  • To meet legal requirements. IDeaS may be required to provide personal data to comply with legally mandated reporting, disclosure or other legal process requirements when we believe, in our sole discretion, that disclosure is necessary to protect our rights, or to respond to a government request.

Data Access and Correction; Choices for Limiting Use and Disclosure

The EU General Data Protection Regulation (GDPR), Swiss Federal Act on Data Protection and UK GDPR/Data Protection Act require that data subjects have rights to access personal data about themselves that an organization holds and, more specifically, a right to: (1) obtain confirmation whether personal data about them is being processed; (2) have the data communicated to them so they may verify its accuracy and the lawfulness of the processing; and (3) have the data corrected, amended or deleted.

With respect to Customer Information, we operate under the assumption that it is your obligation as data controller to provide your data subjects a means of accessing their data and requesting that such data be corrected, amended or deleted. Under our current business model, we have no direct interaction with your data subjects, and, therefore, have no direct way for them to submit these requests to us. If you are a IDeaS SaaS  customer, and you receive such a request from a data subject about whom we host personal data, and you would like our assistance in responding to that request, please contact our privacy office at or

Integrated Decisions and Systems, Inc.
8500 Normandale Lake Blvd., Suite 1200
Bloomington, MN 55437
Attention: Privacy Office 

We will respond to requests within 30 days of receipt.

With respect to Customer Information, we operate under the assumption that it is your obligation as data controller to obtain from your data subjects the appropriate consent to transfer their data to us and for us to process their data, to provide agreed-upon services to you and to disclose their data to third parties, consistent with this Policy and our agreements with you. We will not share, sell, rent or trade with third parties for their marketing purposes any Customer Information collected by us, unless you direct us to do so and have the appropriate authorization to do so. If your data subject would no longer like to be contacted by you or by IDeaS at your direction, please inform the data subject to contact you, as IDeaS’ customer, directly.

With respect to Client Information, certain IDeaS SaaS systems enable users to access and amend or correct their own personal data. Otherwise, if you or your users would like to request access to or correction of Client Information, please contact our privacy office at or

Integrated Decisions and Systems, Inc.
8500 Normandale Lake Blvd., Suite 1200
Bloomington, MN 55437
Attention: Privacy Office 

We will respond to requests within 30 days of receipt.

We will not use or disclose Client Information for purposes that are materially different than those described in this Policy, or subsequently authorized, without offering data subjects a choice to opt out of such uses or disclosures.

Data Security

We take reasonable measures that are designed to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction. Some of our security measures include the following:

  • Employee training and responsibilities. We take certain steps to reduce the risks of human error, theft, fraud and misuse of our facilities. We train our personnel on our privacy and security policies, and we require our employees to sign confidentiality agreements. We also have assigned to an individual the responsibility to manage our information security program.
  • Access control. We limit access to Customer Information to only those individuals who have an authorized purpose for accessing that information. We terminate those access privileges following job change or termination.
  • Data encryption. All electronic transfers of non-public Customer Information between you and IDeaS (including sensitive personal data and sign-on credentials) are required by IDeaS to be done through encrypted connections.

If we confirm that your Customer Information has been accessed or used by unauthorized individuals, we will contact your designated representative to coordinate our response to the incident. If you have any questions about the security of your personal information, you can contact us at or

Integrated Decisions and Systems, Inc.
8500 Normandale Lake Blvd., Suite 1200
Bloomington, MN 55437
Attention: Privacy Office 

We keep your personal data for as long as necessary to fulfill the purposes outlined in this Policy, to adhere to our policies, and for any period as legally required or permitted by applicable law.

Onward Transfers to Third Parties

IDeaS may disclose personal data to business partners and subcontractors, as necessary, for the purpose of providing our offerings and performing other requested services, or as otherwise appropriate in connection with a legitimate business need. These companies are authorized to use your personal data only as necessary to provide these services to us. We may also disclose personal data you provide to other IDeaS entities and/or business parties for purposes compatible with those described in this Policy and in accordance with our agreements with you. We will not disclose personal data to third parties for purposes other than those described in this Policy, except at your direction and with your authorization. Disclosures of personal data will be carried out in accordance with SCCs and applicable data protection laws relating to onward transfers. We will not sell, rent or lease your personal data to others.

We may also disclose personal data to a third party, as necessary, in connection with the sale or transfer of all or part of our business. In these situations, we will require the recipient of the data to protect the data in accordance with this Policy or otherwise take steps to ensure that the personal data is appropriately protected. If IDeaS is involved in a sale or transfer of all or part of our business, you will be notified via email and/or a prominent notice on our website of any changes to IDeaS’ ownership or uses of your personal data, and of choices you may have regarding your personal data.

IDeaS may also disclose personal data as required or permitted by law, such as in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or when we believe in our sole discretion that disclosure is necessary or appropriate to protect our rights or to comply with a judicial proceeding, court order, law enforcement request or other legal process.

IDeaS is a global corporation with subsidiaries, customers and business partners in more than 154 countries and with technical systems that cross borders. Personal data collected on IDeaS SaaS systems may be transferred across state and country borders and stored or processed in the United States or any other country in which IDeaS, its subsidiaries, affiliates or business units maintain facilities for the purposes of data consolidation, storage and information management. By using our systems, your organization consents to any such transfer of information outside of your country of residence. IDeaS, its subsidiaries, affiliates and business units will handle your information collected by our systems in a consistent manner, as described here, even if the laws in some countries may provide less protection for your information. Our privacy practices are designed to protect your personal data all over the world.

Inquiries and Complaints

If you have questions or concerns regarding this Policy or our handling of your personal data, you should first contact us by sending an email to or by regular mail to the attention of:

Integrated Decisions and Systems, Inc.
8500 Normandale Lake Blvd., Suite 1200
Bloomington, MN 55437
Attention: Privacy Office 

We will respond within a reasonable time frame.

Changes to This Policy

We reserve the right to modify this Policy at any time. It is your responsibility to request current version of this document at your preferred interval.

Effective Date: May 1, 2024

Latest Revised Date: May 1,2024