Request a Demo

Customer Privacy Notice

Definition

Personal information is information that is about or can be related to an identifiable individual.

Sensitive personal information includes:

  • Information on medical or health conditions
  • Financial information
  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Sexual preferences
  • Information related to offenses or criminal convictions

Purpose and Authority

As a rule, ibml does not require the collection of personal information from customers. There are 3 exceptions:

  • CAS outsourcing scanning functions do handle customer protected information (technically 4th party)
  • As a part of the sales process, some customer data that may include customer protected data, is used for testing scanner functions.
  • ibml service personnel may inadvertently have access to customer protected information while performing service calls. ibml’s service personnel do not need access to customer data to resolve service issues.
  • ibml may inadvertently receive personal information from customer documents by handling customer test or trouble information. It is ibml’s intent that all such personal information is redacted prior to being sent to ibml.
  • Some company confidential and personal information may be collected as a result of the contracting process

Sharing

  • Any personal or private information that ibml receives or might access is not shared with the exception that ibml will comply with any legal request to share customer protected information with law enforcement.
  • ibml will provide an "Accounting of Disclosures", unless prohibited by a legal restraint, for any customer data that has been shared when requested by the customer.

Internal Use

  • CAS uses customer protected information internally during scanning operations to provide the customer contracted scanning services.
  • Any other personal or private information that ibml personnel receive or have access to is only used for the purposes noted above and is not shared.

Protection

Section 7.5 of ibml’s IT Security Policies and Standards describes the protection of customer protected information.

  • Customer protected information in hardcopy format is stored in locking storage cabinets with restricted, sign out access. Customers sending documents to ibml must fill out the ibml customer document classification form. For documents classified as “secure”, the form must include an accurate tally and description of the documents being sent, the expiration date for ibml’s authorization to possess the secure documents, and the desired procedures to follow at the end of the authorized period.
  • Customer protected information in electronic format is stored in secure data stores on ibml servers, or on encrypted volumes on removable media with restricted access.

Access

As all customer personal information that ibml receives or has access to is a copy of existing information that is maintained by the customer, there is no need for customers to have access to this data for review and update.

Retention

  • Customer contracts with CAS should specify the retention period for any customer data that CAS has access to. Customer data is deleted at the end of the retention period.
  • The customer document classification form requires customers to specify the retention period for hardcopy customer protected information. These hardcopy documents are shredded at the end of the retention period.
  • Any customer data provided to the help desk is deleted 1 year after the incident is closed.

Contact

Customers can contact their customer services representative or email security@www.ibml.com with privacy related questions.

 

Business Associate Privacy Notice

Definition

Personal information is information that is about or can be related to an identifiable individual.

Sensitive personal information includes:

  • Information on medical or health conditions
  • Financial information
  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Sexual preferences
  • Information related to offenses or criminal convictions

Purpose and Authority

  • ibml’s business associates should not need or use ibml’s or ibml’s customers’ protected information, however, some ibml business associates as they perform their jobs may inadvertently have access to the private and protected information of either ibml’s customers or ibml itself.
  • ibml may collect some business associate protected information as a part of the contracting process.

Sharing

  • Any personal or private information that ibml collects from business associates or that business associates might have access to will not be shared with the exception that ibml will comply with any legal request to share business associate protected information with law enforcement.
  • ibml will provide an "Accounting of Disclosures", unless prohibited by a legal restraint, for any customer or business associate data that might have been shared.

Internal Use

  • ibml’s business associates should not need or use ibml’s or ibml’s customers’ protected information.
  • ibml may use some business associate protected information as a part of the contracting process.

Protection

Section 7.5 of ibml’s IT Security Policies and Standards describes the protection of customer protected information.

  • Protected information in hardcopy format is stored in locking storage cabinets with restricted, sign out access. Customers sending documents to ibml must fill out the ibml customer document classification form. For documents classified as “secure”, the form must include an accurate tally and description of the documents being sent, the expiration date for ibml’s authorization to possess the secure documents, and the desired procedures to follow at the end of the authorized period.
  • Protected information in electronic format is stored in secure data stores on ibml servers, or on encrypted volumes on removable media with restricted access.

Access

As all business associate or customer personal information that ibml receives or has access to is a copy of existing information that is maintained by the business associate or customer, there is no need for business associate or customers to have access to this data for review and update.

Retention

Business associate contracting data is retained for the duration of the contract and for 6 years after when it is deleted.

Contact

Business associates can contact their primary ibml representative or email security@www.ibml.com with privacy related questions.